Ostium Halts Trading After Oracle Exploit, $18–22M Loss
Ostium paused trading after Blockaid and CertiK reported an apparent oracle compromise tied to an OLP vault exploit that security firms estimate at about $18–$22 million.
Ostium paused all trading on Wednesday after security firms Blockaid and CertiK reported an apparent compromise of the protocol’s oracle system that may have caused losses of about $18–$22 million. Blockaid estimated losses near $18 million while CertiK placed the figure at about $22 million; both firms linked the incident to Ostium’s oracle, which supplies external price data to the platform.
The protocol halted trading after identifying a problem affecting its OLP liquidity vault and urged users to take immediate precautions.
On X, Ostium posted: “With user security being our first concern, we recommend that all users temporarily revoke approvals for our contracts until we can further investigate the recent incident.” The protocol said its team is investigating and has not yet confirmed the cause of the incident or the loss estimates reported by the security firms.
Ostium is an on-chain perpetuals trading platform built on Arbitrum that offers leveraged exposure across about 75 trading pairs, including stocks, ETFs, commodities, indices, foreign exchange and cryptocurrencies. The OLP liquidity vault is a core component of its infrastructure and was the element security firms identified as affected.
Oracles feed external price data into smart contracts. If those feeds are manipulated, attackers can create incorrect valuations that allow them to drain funds or trigger unintended trades. Ostium did not specify whether funds remain accessible or whether any safeguards limited losses.
The incident follows a series of high-value exploits affecting decentralized finance protocols this year. Data tracking shows nearly $630 million in losses during April, the highest monthly total since February 2025, with several large exploits accounting for most of that sum. Security researchers say recent attacks increasingly target off-chain infrastructure such as oracles, privileged-access accounts and key management rather than only exploiting smart contract code.
Analysts and industry executives have warned that such infrastructure vulnerabilities complicate broader institutional use of decentralized finance. JPMorgan analysts wrote that bridge security remains a key challenge for the sector. Misha Putiatin, CEO of Statemind and co-founder of Symbiotic, said institutions increasingly struggle to quantify hack risk, making them less willing to accept the sector’s returns.
Ostium said it will continue investigating and will update users as more information becomes available.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.







