Ostium, the decentralized derivatives platform operating on the Arbitrum network, lost approximately 18 million USDC after an attack on its price data infrastructure. On-chain data and Blockaid’s findings showed that the attacker was sending fake oracle reports using a registered component of the protocol.
Method of attack
Blockaid announced that the attacker exploited a PriceUpKeep forwarder component registered in Ostium’s automatic price transfer system. Future time stamps were used in the sent oracle reports, thus showing the transactions in loss as if they were in profit. This mechanism triggered a payment of 18 million USDC from the protocol vault.
Blockaid reported that 18 million USDC was released from the vault as a result of manipulated oracle reports containing post-dated timestamps making transactions appear profitable.
Ostium is known as an Arbitrum platform that offers perpetual futures trading on real-world assets such as commodities, currencies and stock indices. Transactions are settled in USDC and up to 200x leverage is offered on the platform.
Mini dictionary: Oracle is the system that carries data such as prices outside the blockchain to smart contracts. Keeper refers to the automation component that writes this data to the chain or triggers the process when certain conditions occur.
The weakness in the price infrastructure came to the fore
Ostium uses a proprietary price feed system to track prices of real-world assets. In this structure, a third-party automation network called Gelato is responsible for moving price data into the chain at necessary moments. The PriceUpKeep smart contract, which is at the center of the process, acts as the trigger that writes the latest price information to the blockchain when a transaction needs to be executed.
It is considered that the attack is similar to the oracle and keeper system vulnerabilities seen in the DeFi field in recent years. The incident that occurred on the Summer.fi platform last week, which resulted in a loss of 6 million dollars, brought up a similar risk topic. In such cases, attackers can extract funds from liquidity pools by gaining access to privileged roles and changing the timing or content of price data.
The misuse of a registered component in Ostium’s automation chain reiterated how critical the timing of price data is.
Ostium’s scale and history
Ostium had reached a significant size before the attack. The platform raised a total investment of $27.8 million. Its $24 million Series A round was co-led by General Catalyst and Jump Crypto in late 2025.
There was also a remarkable picture on the transaction volume side. Ostium’s cumulative transaction volume had reached over $50 billion. This data shows that the attack has brought into question not only a single protocol, but also the broader DeFi infrastructure that carries real-world assets on-chain.
