The security firm Blockaid identified that the attacker utilized a registered PriceUpKeep forwarder to manipulate the decentralized perpetual exchange. Rather than targeting flaws within the smart contract code, the breach relied on high-level access to trusted data feeds. The actor performed roughly 20 trading loops, effectively shifting losses to the vault while extracting value under the guise of legitimate market activity. Records on Arbiscan confirm the drained amount fluctuates between $11.86 million and $18 million.
Ostium has suspended all trading operations while the team works with security experts to assess the state of frozen funds and open positions. The incident underscores a persistent vulnerability in decentralized finance: even projects backed by institutional investors like General Catalyst, Jump Crypto, and Coinbase Ventures remain susceptible when the infrastructure surrounding audited code is compromised. Despite multiple security audits, the project could not prevent the failure of its oracle authentication, a critical point of exposure that allowed the attacker to manipulate price inputs without triggering standard protocol safeguards.

Comments (0)
No comments yet. Be the first!