An attacker drained approximately $18 million in USDC from Ostium’s liquidity vault on Arbitrum in an oracle manipulation exploit discovered by blockchain security firm Blockaid, onchain data shows.
According to Blockaid’s alert, the attacker leveraged a registered PriceUpKeep forwarder, a component of Ostium’s automated infrastructure, to submit oracle price reports with future-dated timestamps. The manipulated reports created the appearance of profitable trades, which triggered an $18 million USDC payout from the box.
Ostium is a decentralized perpetuals exchange on Arbitrum that allows users to trade in the real world, including commodities, forex and stock indices, with up to 200x leverage, which settles in USDC.
Ostium uses a custom price feed system to track real-world asset prices, with a third-party automation network called Gelato responsible for pushing those prices onto the chain at the right times. A smart contract called PriceUpKeep sits at the center of this process, acting as the trigger that writes the latest price data to the blockchain when a trade needs to be executed.



