By Jason Nelson
2 min read
Ostium lost roughly $18 million on Wednesday after attackers compromised an oracle signer key and manipulated the decentralized perpetuals exchange's price feed to generate fake trading profits, according to blockchain security firm Blockaid.
In a post on X, Blockaid said the attacker used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to create artificial trading profits, triggering the multi-million payout—in the form of the Circle-issued stablecoin USDC—from Ostium's liquidity vault.
“We are aware of the issue with the OLP vault,” Ostium wrote on X. “We have paused all trading. The team is investigating.”
Built on Arbitrum, Ostium offers perpetual futures tied to real-world assets including stocks, commodities, foreign exchange markets, and indices. It operates as a decentralized exchange, or DEX, meaning users largely stay in control of their funds and do not provide personally identifiable information. At the time of the attack, the protocol held about $63 million in total value locked, meaning the exploit drained close to one-third of its liquidity.
The attack comes amid one of the worst years on record for DeFi exploits. DeFi, or decentralized finance, refers to financial applications that operate natively on blockchain networks, without third-party intermediaries like banks. More than $840 million was stolen from DeFi protocols in the first five months of 2026, including $292 million stolen from KelpDAO and $285 million from Drift Protocol. Hackers also targeted Resolv Labs in June, stealing over $25 million.
Security experts warn that advances in artificial intelligence are accelerating exploit discovery.
"AI is far better at reviewing code than most people and finding potential vulnerabilities in it," Danny Jenkins, CEO and co-founder of ThreatLocker, previously told Decrypt. Jenkins said current AI systems are already accelerating vulnerability discovery, while newer models such as Mythos could significantly expand those capabilities, calling it an imminent “big problem.”
“It will be only a matter of time until someone bad gets access to it,” he said.
In May, security researcher Taylor Hornby used Anthropic's Claude Opus 4.8 to identify a four-year-old counterfeiting vulnerability in Zcash, underscoring how frontier AI models are becoming increasingly effective at finding complex software flaws.
Decrypt-a-cookie
This website or its third-party tools use cookies. Cookie policy By clicking the accept button, you agree to the use of cookies.