Ostium Vault, a settlement layer built on Arbitrum for perpetual real-world asset trading, has reportedly been hit by a $18 million exploit. The vault essentially serves as the underlying liquidity layer for Ostium Protocol, a decentralized exchange.
The official X handle of Ostium acknowledged the incident, informing its community members of all trading services being halted with an investigation being initiated.
The development was first flagged by onchain security firm Blockaid on Wednesday. It claimed that a malicious actor has managed to withdraw $18 million worth of USDC as payout from the vault.
“An attacker used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to create artificial trade profit,” Blockaid said, that also posted the wallet address of the exploiter.
In simpler words, the compromise of a private key — used as an Oracle signer — which resulted in a price manipulation incident leading to the exploit.
Explaining the case, security firm ExVul said that the attacker used the compromised private key as a registered forwarder of the affected smart contracts.
“The attacker then executed 20 loops of delegatedAction. By feeding these self-signed favorable prices, they were able to instantly open and close trades at a massive profit, siphoning funds from the $oLP vault,” ExVul claimed in its breakdown of the attack.
As of now, the Ostium team has not confirmed the exact amount lost in the breach. More insights in the incident and Ostium’s loss recovery plans remain awaited for now. While Blockaid had claimed $18 million could have been lost to the attack, CertiK claimed the figure could be as high as $22 million.
The incident now adds to the growing list of exploits hitting the DeFi ecosystem. In the last few weeks alone, Summer Finance and BonkDAO suffered breaches and recorded $6 million and $20 million in losses respectively.
According to a recent report by TRM Labs, the digital assets ecosystem lost $970 million to 207 exploits in the first half of 2026.
“Much of the increase has come from smart contract exploits targeting DeFi protocols, decentralized exchanges, and token projects,” TRM alerted.
Source: TRM




