An attacker drained approximately $18 million in USDC from Ostium’s liquidity vault on Arbitrum in an oracle manipulation exploit detected by blockchain security firm Blockaid, on-chain data shows.
According to Blockaid’s alert, the attacker leveraged a PriceUpKeep registered forwarder, a component of Ostium’s automated infrastructure, to send Oracle price reports with future-dated timestamps. The manipulated reports created the appearance of profitable operations, resulting in an $18 million payout from the vault.
Ostium is a decentralized perpetual exchange on Arbitrum that allows users to trade real-world assets, including commodities, currencies, and stock indices, with up to 200x leverage, settling in USDC.
Ostium uses a custom price feed system to track real-world asset prices, with a third-party automation network called Gelato responsible for pushing those prices up the chain at appropriate times. A smart contract called PriceUpKeep sits at the center of that process, acting as the trigger that writes the latest price data to the blockchain whenever a trade needs to be executed.




