Guavy AI Editorial TeamSentiment: -4Clout: 58

$24M Oracle Exploit Hits Ostium, Trading on Arbitrum Suspended

Ostium, a decentralized finance platform specializing in real-world asset (RWA) perpetual trading, was hit by a $24 million oracle exploit on July 15, 2026. The incident led to an immediate emergency response from the development team and temporarily suspended trading operations.

According to blockchain security researchers, the attack occurred within a five-minute window between 14:18 UTC and 14:23 UTC. Within that time, the attacker manipulated the protocol's pricing infrastructure, allowing fraudulent trades to appear profitable despite not reflecting legitimate market prices.

The exploit centered on a compromised oracle signer rather than a vulnerability within Ostium's smart contract code itself. The attacker gained access to an authorized oracle signer key and used it to approve a price report with a future timestamp. This allowed the manipulated pricing information to be accepted by the trading engine, resulting in artificial profits that enabled millions of dollars to be withdrawn from the public OLP liquidity vault.

The total amount transferred from the protocol may have reached nearly $24 million, making it one of the most notable DeFi security incidents of 2026. The investigation remains ongoing, with blockchain security firms, cybersecurity specialists, and law enforcement agencies working alongside the Ostium team to determine exactly how the attack was executed and whether any stolen assets can be recovered.