Ostium, an Arbitrum-based perpetuals exchange for trading real-world assets, halted trading Wednesday after an attacker manipulated its oracle system and drained up to $18 million in USDC from the protocol's vault. The exploit forced the exchange to pause all activity while the team investigates.
How the attack worked
The attacker targeted Ostium's oracle system, which feeds price data for real-world assets onto the chain. By manipulating those price feeds, the attacker was able to withdraw funds that weren't theirs. Ostium's team confirmed the exploit in a statement, saying the trading halt was necessary to prevent further losses.
Backers and funding
Ostium raised roughly $27.8 million from investors including General Catalyst and Jump Crypto. The size of the exploit — up to $18 million — means the attacker made off with a significant chunk of the protocol's total raised capital, though the vault's total value locked at the time of the attack hasn't been disclosed.
The exchange remains paused as of Thursday morning. Ostium hasn't said when trading will resume or whether affected users will be made whole. The team is working with security firms to trace the stolen funds, but no arrests or freezes have been announced. The incident is the latest in a string of oracle manipulation attacks that have hit DeFi protocols this year.




