Particle.news

Ostium Loses $18 Million in Oracle Automation Exploit

Trusted third-party automation that writes price data onchain can create single points of failure for decentralized finance

Overview

  • Security firm Blockaid detected the attack on July 15, 2026 and published transaction details showing roughly $18 million in USDC was drained from Ostium’s Arbitrum liquidity vault.
  • The attacker abused Ostium’s PriceUpKeep forwarder by submitting future-dated, authorized oracle reports that made losing trades look profitable and triggered a large payout.
  • Ostium immediately paused all trading and opened an investigation but has not reported any recovered funds or a final postmortem.
  • Onchain traces show the attacker converted part of the stolen USDC to ETH through the Kyber Network and spread funds across multiple wallets to obfuscate the trail.
  • The exploit continues a recent pattern of keeper and oracle-manipulation attacks and raises fresh questions about role management, validation of automated price feeds, and protections for liquidity providers.