An attacker drained roughly $18 million in USDC from Ostium’s liquidity vault on Arbitrum in an oracle manipulation exploit detected by blockchain safety agency Blockaid, onchain knowledge exhibits.
In response to Blockaid’s alert, the attacker leveraged a registered PriceUpKeep forwarder, a element of Ostium’s automated infrastructure, to submit oracle value stories with future-dated timestamps. The manipulated stories created the looks of worthwhile trades, which triggered an $18 million USDC payout from the vault.
Ostium is a decentralized perpetuals change on Arbitrum that permits customers to commerce real-world property together with commodities, foreign exchange, and fairness indices, with as much as 200x leverage, settling in USDC.
Ostium makes use of a customized price-feed system to trace real-world asset costs, with a third-party automation community known as Gelato answerable for pushing these costs onchain on the proper moments. A wise contract known as PriceUpKeep sits on the heart of that course of, performing because the set off that writes the newest value knowledge to the blockchain every time a commerce must be executed.

