Ostium, a decentralized trading protocol, has suspended all trading after an attacker drained roughly $18 million through an oracle manipulation attack. The exploit targeted the platform's price feed system, allowing the attacker to execute trades at artificially favorable rates.
How the exploit worked
Oracles are services that feed real-world data — like asset prices — into blockchain smart contracts. In this case, the attacker manipulated the price data that Ostium's trading engine relied on. By feeding false prices, the attacker could buy assets cheap and sell them high, or open positions that should not have been possible. The $18 million figure represents the total value extracted before the protocol detected the anomaly.
Immediate response
Ostium paused all trading activity shortly after discovering the manipulation. The team said it is investigating the attack and working to secure the platform. Trading remains suspended indefinitely. The protocol has not disclosed whether any user funds were lost beyond the exploited amount, or whether the attacker has been identified.
What users face now
Users of Ostium cannot currently open or close positions. Those with open positions may be stuck until the platform resumes operations. The company has not announced a timeline for when trading might restart or how it plans to recover the stolen funds. No information has been released about potential compensation for affected users.
The incident adds to a growing list of DeFi exploits tied to oracle manipulation. The $18 million loss is significant but not the largest in the sector. Ostium has not said whether it will pursue legal action or work with blockchain security firms to trace the funds.
The platform has not yet provided a date for when trading will resume.




