TL;DR:
- The blockchain security firm Blockaid detected the vulnerability that compromised the capital of the decentralized finance platform.
- The attacker extracted an approximate sum of $18 million in the USDC stablecoin from the liquidity pool on the Arbitrum network.
- The firm Ostium had previously accumulated a total funding of $27.8 million and a cumulative transaction volume exceeding $50 billion.
A new security incident was recorded in the decentralized finance sector this Wednesday. A hacker drained funds through an Ostium exploit, the decentralized perpetuals exchange based on the Arbitrum Layer 2 network. The computer vulnerability allowed the theft of millions of dollars in stable digital assets directly from the protocol’s liquidity vaults.
🚨 Blockaid detected an @Ostium Vault exploit on Arbitrum.
An attacker used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to create artificial trade profit, triggering a ~$18M USDC payout from the vault.
More details in 🧵— Blockaid (@blockaid_) July 15, 2026
A market report indicates that the incident was identified by the on-chain monitoring systems of the security firm Blockaid. Investigation data shows that the hacker used an authorized account within the protocol’s automated infrastructure to alter the system’s price time records. Official information indicates that future-dated timestamps were forged, generating fraudulent price reports within the mechanism.
The technical impact of the oracle attack
The official report details that the flaw stemmed from the manipulation of the component known as PriceUpKeep, which is part of Ostium’s automated machinery. By processing orders with altered timestamps, the system assumed highly profitable trading operations. This algorithmic mismatch resulted in the platform automatically authorizing a massive withdrawal worth exactly $18 million in USDC.
The infrastructure of the affected protocol allowed users to trade perpetual contracts on real-world assets, including commodities and equity indices, with leverage reaching up to 200x. Funds were settled exclusively in USDC currency. Data from the platform suggests that the nature of the attack shares direct similarities with a recent trend of vulnerabilities affecting multiple financial applications.
Moreover, historical records shared by auditing firms reveal that incidents of this nature have hit the industry in previous weeks. Last week, the Summer.fi protocol reported a loss amounting to $6 million under a similar methodology. Specialists point out that these techniques involve malicious actors gaining access to privileged roles to disrupt the synchronization of market price data feeds.
Financial context and trading volume
Regarding the protocol’s prior financial health, ecosystem records exhibit a solid institutional capital base. Ostium had raised $27.8 million in funding across its private equity rounds. The Series A round, finalized toward the end of 2025, injected a total of $24 million and was co-led by venture capital firms General Catalyst and Jump Crypto.
Furthermore, the platform maintained high operational activity prior to the service disruption caused by this hack. Public network statistics confirm that the application had processed a cumulative transaction volume exceeding $50 billion on its platform.
The Ostium development team will temporarily suspend deposit functions on the Arbitrum network while the code audit is completed. Cybersecurity agencies have scheduled the publication of the definitive forensic report on the affected smart contracts within the next 48 hours.






