Ostium halts trading after $18M OLP vault exploit

Ostium paused trading after an attacker exploited its OLP vault on Arbitrum and withdrew about $18 million in USDC. Blockaid reported use of a PriceUpKeep forwarder and future-dated oracle reports.

Ostium paused trading on Wednesday after Blockaid reported an attacker exploited the exchange's OLP vault on Arbitrum and withdrew about $18 million in USDC.

Blockaid reported the attacker “used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to create artificial trade profit, triggering an ~$18 million USDC payout from the vault.”

Ostium wrote on X that it was aware of an issue with the OLP vault, had paused all trading and that its team was investigating.

On-chain data reviewed after the incident shows portions of the stolen USDC were swapped into ether through the Kyber Network and the resulting ETH was moved across multiple wallets. Visual maps of the transfers indicate asset movement began shortly after the payout.

The exploit occurred on Arbitrum, the Ethereum layer-2 network that hosts the OLP vault. Ostium operates an on-chain perpetuals exchange and recently announced a partnership with Nasdaq to offer equity perpetual products. The exchange reported it had processed more than $50 billion in cumulative trading volume at the time of that partnership.

Ostium was founded by Kaledora Kiernan-Linn and Marco Antonio Ribeiro, both Harvard alumni. The startup has raised $27.8 million to date, including a $20 million Series A co-led by General Catalyst and Jump Crypto, and lists investors such as LocalGlobe, Susquehanna and Alliance DAO.

Security researchers and on-chain monitors are tracking the wallets that received the funds and mapping the transfer patterns. Early traces show rapid swaps and dispersals. There was no immediate public indication that funds had been returned to the exchange or to users.

Ostium has not released a full post-mortem or a list of affected contracts and users. The company did not provide a timeline for resuming trading or state whether insurance or reserves will cover the loss. The pause affects users with open positions and those attempting to trade.

Ostium and external security teams are analyzing contract logs, oracle reports, forwarder registrations and contract permissions to determine the exact exploit vector. Security firms and analytics providers continue to monitor transactions tied to the suspected attacker wallets to assess whether funds can be traced, frozen or recovered.

Ostium wrote it will update users as the investigation progresses.

The content on The Coinomist is for informational purposes only and should not be interpreted as financial advice. While we strive to provide accurate and up-to-date information, we do not guarantee the accuracy, completeness, or reliability of any content. Neither we accept liability for any errors or omissions in the information provided or for any financial losses incurred as a result of relying on this information. Actions based on this content are at your own risk. Always do your own research and consult a professional. See our Terms, Privacy Policy, and Disclaimers for more details.

Articles by this author