Ostium, an Arbitrum-based decentralized perpetuals exchange, pauses trading after an apparent oracle-related attack that security firms estimate caused losses in the $18 million to $22 million range. Multiple reports describe how an attacker targets Ostium’s price-reporting mechanism by falsifying oracle data to influence the protocol’s trading and settlement outcomes. One account says the hacker compromises an oracle signer key and submits fraudulent, future-dated pricing data. This enables the attacker to create artificial conditions that generate fake trading profits, which then lead to a payout from Ostium’s on-chain systems.
Following the incident, Ostium halts trading and urges users to revoke relevant contract approvals, according to the reporting. The exploit is framed as part of a continuing wave of DeFi incidents involving oracle manipulation, with observers pointing to how attackers may reuse or compromise components of oracle infrastructure to affect exchange calculations and liquidity vault behavior.
Across outlets, the event is consistently described as an oracle manipulation leading to approximately $18 million in drained funds, with some estimates placing potential total impact as high as $22 million.