Another DeFi Exploit: Perp DEX Ostium Loses $18 Million in Oracle Attack

CN
Decrypt
Follow
2 hours ago

Ostium lost roughly $18 million on Wednesday after attackers compromised an oracle signer key and manipulated the decentralized perpetuals exchange's price feed to generate fake trading profits, according to blockchain security firm Blockaid.


In a post on X, Blockaid said the attacker used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to create artificial trading profits, triggering the multi-million payout—in the form of the Circle-issued stablecoin USDC—from Ostium's liquidity vault.


“We are aware of the issue with the OLP vault,” Ostium wrote on X. “We have paused all trading. The team is investigating.”





Built on Arbitrum, Ostium offers perpetual futures tied to real-world assets including stocks, commodities, foreign exchange markets, and indices. It operates as a decentralized exchange, or DEX, meaning users largely stay in control of their funds and do not provide personally identifiable information. At the time of the attack, the protocol held about $63 million in total value locked, meaning the exploit drained close to one-third of its liquidity.


The attack comes amid one of the worst years on record for DeFi exploits. DeFi, or decentralized finance, refers to financial applications that operate natively on blockchain networks, without third-party intermediaries like banks. More than $840 million was stolen from DeFi protocols in the first five months of 2026, including $292 million stolen from KelpDAO and $285 million from Drift Protocol. Hackers also targeted Resolv Labs in June, stealing over $25 million.


Security experts warn that advances in artificial intelligence are accelerating exploit discovery.


"AI is far better at reviewing code than most people and finding potential vulnerabilities in it," Danny Jenkins, CEO and co-founder of ThreatLocker, previously told Decrypt. Jenkins said current AI systems are already accelerating vulnerability discovery, while newer models such as Mythos could significantly expand those capabilities, calling it an imminent “big problem.”


“It will be only a matter of time until someone bad gets access to it,” he said.


In May, security researcher Taylor Hornby used Anthropic's Claude Opus 4.8 to identify a four-year-old counterfeiting vulnerability in Zcash, underscoring how frontier AI models are becoming increasingly effective at finding complex software flaws.


免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。

Share To
APP

X

Telegram

Facebook

Reddit

CopyLink