Ostium vault drained in Arbitrum exploit, losses pegged near $18M

- An attacker drained roughly $18–20 million from Ostium’s vault on Arbitrum by compromising an oracle signer’s private key and submitting fake.
- The manipulated price feed let the attacker book fake trade profits, which the vault paid out in USDC.
- Ostium has paused trading and is investigating, joining a wave of 2026 exploits tied to compromised privileged access.
An attacker has drained 18 million in USDC from the Ostium vault on Arbitrum. Security firm Blockaid flagged the incident on X, blaming the attack on a manipulation of Ostium’s price feed.
According to the security firm, the attacker used a registered PriceUpKeep forwarder and submitted authorized oracle reports dated into the future. That allowed the attacker to book trade profits that did not exist, and the vault paid them out in USDC.
Blockaid put the payout at about $18 million.
What happened to Ostium?
Security firm ExVul wrote on X, “The attack stems from a Private Key Compromise (Oracle Signer) resulting in price manipulation.”
Defimon Alerts reached a similar conclusion, labeling the event a private-key compromise of a privileged oracle signer that led to price manipulation. Both descriptions point to Ostium’s oracle layer as the weak link.
However, there is full consensus on the total amount lost in the exploit. Blockaid says that the exploit triggered “~$18M USDC payout from the vault.”
ExVul reported that $11.86 million in USDC left the vault, adding that it amounted to about 32% of Ostium’s $34.3 million in total value locked (TVL). Defimon Alerts logged an even higher figure, stating that Ostium lost approximately $20 million. However, it also mentioned that 11,862,445 USDC was drained from the vault.
Ostium is a perpetual exchange built on Arbitrum that lets people trade leveraged positions on assets like foreign exchange, commodities, metals, and equities directly from a self-custody wallet. It was one of the first DeFi venues to bring that kind of traditional-market exposure on-chain.
Ostium recently announced institutional backing and platform upgrade
In late April, Ostium rolled out what it called a decentralized execution layer, a system that routes on-chain orders to off-chain institutional partners for hedging. The reason for this, per co-founder and CTO Marco Antonio Ribeiro, was to connect smart contracts to institutional messaging systems with sub-100-millisecond latency.
Ostium closed a $20 million Series A in December 2025 co-led by General Catalyst and Jump, according to DefiLlama’s funding records, which also list Coinbase Ventures, Wintermute Ventures, and GSR among the backers. Other reports put the company’s total raised at $27.8 million.
DefiLlama’s dashboard currently shows Ostium holding $63.33 million in total value locked, all on Arbitrum, with more than $60 billion in cumulative perpetual volume since launch.
Another addition to a brutal stretch for crypto security
Now Ostium has joined the growing list of companies that have suffered a breach in 2026.
The second quarter of 2026 closed as the most attack-heavy quarter on record by incident count, with roughly 83 separate exploits through late June.
It is already halfway into July, and the list keeps on growing. Compromised administrator credentials and fake price manipulation accounted for about 37% of those losses, and private-key theft for another 5.7%.
An oracle-signer compromise of the kind described at Ostium sits squarely inside that trend of attacks aimed at privileged access.
Ostium has acknowledged the exploit, writing on X, “We are aware of the issue with the OLP vault. We have paused all trading. The team is investigating.” So far, it has not released any statement that addresses the size of the loss.
If you're reading this, you’re already ahead. Stay there with our newsletter.
FAQs
How much was stolen from Ostium?
Estimates differ by source. Blockaid cited about $18 million, ExVul counted roughly $11.86 million in USDC, and Defimon Alerts logged close to $20 million, with about 11,862,445 in USDC.
How did the Ostium exploit work?
Blockaid said the attacker used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to fake trade profits, while ExVul and Defimon Alerts attributed it to a compromised oracle-signer key that enabled price manipulation.
What is Ostium?
Ostium is a decentralized perpetuals exchange on Arbitrum that offers leveraged trading on real-world assets such as forex, commodities, metals, and equities from a self-custody wallet, and it raised a $20 million Series A in December 2025 co-led by General Catalyst and Jump.
Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

Hannah Collymore
Hannah is a writer and editor with nearly a decade of blog writing and event reporting experience in the crypto space. At Cryptopolitan, Hannah contributes to the news page, reporting and analyzing the latest developments in DeFi, RWA, crypto regulation, AI and frontier tech industries. She graduated from Arcadia university with a degree in Business Administration.
















