Ostium, an Arbitrum-based perpetuals exchange for trading real-world assets that raised about $27.8 million from backers including General Catalyst and Jump Crypto, halted all trading Wednesday after an attacker manipulated its oracle system to drain as much as $18 million in USDC from its liquidity vault.

Blockaid, an onchain security firm, said the attacker "used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to create artificial trade profit, triggering a ~$18M USDC payout from the vault." The firm disclosed the exploit transaction and the attacker's address, both on Arbitrum. The cited transaction, 0x359f8c05...d4870e0, is confirmed onchain.

Blockaid pegged the payout at roughly $18 million. Independent onchain observers put the figure lower, with some estimating the drained sum near $11.86 million. Ostium has not published its own accounting of the loss.

The protocol held about $63.3 million in total value locked shortly before the attack, according to DefiLlama data, which would make even the low-end estimate a meaningful share of the vault's balance.

The exploit is the latest to abuse the automated "keeper" and oracle systems that DeFi protocols use to push real-world prices onchain. Summer.fi lost about $6.04 million in a share-price manipulation on July 6, according to its post-mortem. In April 2025, an attacker drained roughly $7.5 million from KiloEx across three chains by impersonating a trusted keeper to feed the protocol false prices, a structure similar to what Blockaid described at Ostium.