Blockaid linked Ostium’s suspected $18M exploit to manipulated oracle reports, prompting an active investigation.
Another major security incident has struck the decentralized finance sector, adding to a growing wave of high-value crypto exploits. Attackers continue finding new ways to manipulate smart contracts and drain protocol funds despite ongoing security improvements. Ostium has now joined the list of affected platforms after a suspected exploit drained approximately $18 million from one of its vaults.Â
Blockaid Traces Attack to Oracle Report Manipulation
Blockchain security firm Blockaid has detected a suspected exploit targeting Ostium’s OLP vault on the Arbitrum network. This resulted in an estimated $18 million USDC loss.Â
According to Blockaid, an attacker combined a registered PriceUpKeep forwarder with future-dated, authorized oracle reports to fabricate trading profits. That manipulation reportedly triggered an artificial payout of roughly $18 million USDC from the protocol’s vault.
🚨 Blockaid detected an @Ostium Vault exploit on Arbitrum.
An attacker used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to create artificial trade profit, triggering a ~$18M USDC payout from the vault.
More details in 🧵— Blockaid (@blockaid_) July 15, 2026
The firm stated that its monitoring system identified the suspicious transaction shortly after it was executed. On-chain records show the transfer was completed about one hour before the security alert was published. Transaction details indicate the exploit was successfully executed in block 484137113 with 410 Layer 1 confirmations.Â
Reports also indicate the attacker relied on an “Execute Batch” function call during the exploit. Security researchers have increasingly associated that function with sophisticated smart contract attacks targeting decentralized finance protocols.
Ostium Pauses Trading After Suspected Exploit
Ostium quickly acknowledged the incident after Blockaid disclosed it. In an X post, the protocol confirmed it was aware of issues affecting the OLP vault and immediately paused all trading while the team investigates the cause.
According to the latest update, all trader funds and open positions remain preserved and frozen, while funds held in the trading storage contract have been paused. Ostium said it is working with relevant security experts to investigate the incident and will share additional updates as more information becomes available.
Update: All trader funds and open positions are currently preserved as-is (frozen). Funds in the trading storage contract are paused. The team is actively investigating with relevant security experts. We will provide updates as they come. https://t.co/zDe8gapmS3
— Ostium (@Ostium) July 15, 2026
The protocol also warned users about impersonation attempts, cautioning that fake accounts may appear in reply threads claiming to represent Ostium. Users were advised not to click suspicious links while the investigation continues.
Recent Security Breaches Reflect Rising Risks Across DeFi
Growing attack numbers continue to raise concerns across the crypto industry. Earlier in June, attackers compromised Humanity Protocol in an incident that reportedly resulted in losses of between $32 million and $36 million.
According to reports, hackers first targeted a Humanity Foundation director through a phishing campaign. Remote access to the victim’s laptop allegedly provided access to wallet information and private keys. Attackers later transferred approximately 141.18 million H tokens.
Another major exploit occurred in May when Gravity Bridge lost approximately $5.4 million in digital assets. Blockchain security firm PeckShield reported that attackers stole roughly $4.3 million in USDC, 274 wrapped Ether valued at about $553,000, USDT worth approximately $434,000, and 14.164 PAX Gold tokens valued at nearly $64,000.





Leave a Reply
You must be logged in to post a comment.