Ostium RWA Perpetual DEX Plummets: $18M Exploit Drains USDC Vault on Arbitrum
The Ostium RWA perpetual decentralized exchange (DEX) suffered a devastating $18 million exploit on Arbitrum today, with an attacker draining 18 million in USDC directly from its vault. Security firm Blockaid flagged the incident, attributing the breach to a manipulation of Ostium’s price feed. The attacker exploited a registered PriceUpKeep forwarder, submitting fraudulent oracle reports dated into the future to book nonexistent trade profits, which the vault paid out in USDC. Blockaid confirmed the payout at approximately $18 million, sending shockwaves through the DeFi sector.
What happened to Ostium?
Security firm ExVul wrote on X, “The attack stems from a Private Key Compromise (Oracle Signer) resulting in price manipulation.”
Defimon Alerts reached a similar conclusion, labeling the event a private-key compromise of a privileged oracle signer that led to price manipulation. Both descriptions point to Ostium’s oracle layer as the weak link.
However, there is full consensus on the total amount lost in the exploit. Blockaid says that the exploit triggered “~$18M USDC payout from the vault.”
ExVul reported that $11.86 million in USDC left the vault, adding that it amounted to about 32% of Ostium’s $34.3 million in total value locked (TVL). Defimon Alerts logged an even higher figure, stating that Ostium lost approximately $20 million. However, it also mentioned that 11,862,445 USDC was drained from the vault.
Ostium is a perpetual exchange built on Arbitrum that lets people trade leveraged positions on assets like foreign exchange, commodities, metals, and equities directly from a self-custody wallet. It was one of the first DeFi venues to bring that kind of traditional-market exposure on-chain.
Ostium recently announced institutional backing and platform upgrade
In late April, Ostium rolled out what it called a decentralized execution layer, a system that routes on-chain orders to off-chain institutional partners for hedging. The reason for this, per co-founder and CTO Marco Antonio Ribeiro, was to connect smart contracts to institutional messaging systems with sub-100-millisecond latency.
Ostium closed a $20 million Series A in December 2025 co-led by General Catalyst and Jump, according to DefiLlama’s funding records, which also list Coinbase Ventures, Wintermute Ventures, and GSR among the backers. Other reports put the company’s total raised at $27.8 million.
DefiLlama’s dashboard currently shows Ostium holding $63.33 million in total value locked, all on Arbitrum, with more than $60 billion in cumulative perpetual volume since launch.
Another addition to a brutal stretch for crypto security
Now Ostium has joined the growing list of companies that have suffered a breach in 2026.
The second quarter of 2026 closed as the most attack-heavy quarter on record by incident count, with roughly 83 separate exploits through late June.
It is already halfway into July, and the list keeps on growing. Compromised administrator credentials and fake price manipulation accounted for about 37% of those losses, and private-key theft for another 5.7%.
An oracle-signer compromise of the kind described at Ostium sits squarely inside that trend of attacks aimed at privileged access.
Ostium has acknowledged the exploit, writing on X, “We are aware of the issue with the OLP vault. We have paused all trading. The team is investigating.” So far, it has not released any statement that addresses the size of the loss.
The smartest crypto minds already read our newsletter. Want in? Join them.
Log in to Reply
Log in to comment your thoughtsComments
Related Articles