Futures
Access hundreds of perpetual contracts
CFD
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
CFD
Stock CFD Derivatives
US Stocks
Access real US stocks and ETFs
HK Stocks
Trade quality Hong Kong-listed stocks
Korean Stocks
SK Hynix
Real Korean stocks and top assets
Stock Futures
High leverage, 24/7 trading
Tokenized Stocks
Backed by real stock assets
IPO Access
Unlock full access to global stock IPOs
GUSD
3.8%
Mint GUSD for Treasury RWA yields
Stocks Activities
Trade Popular Stocks and Unlock Generous Airdrops
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Promotions
AI
Gate AI
Your all-in-one conversational AI partner
Gate AI Bot
Use Gate AI directly in your social App
GateClaw
Gate Blue Lobster, ready to go
Gate for AI Agent
AI infrastructure, Gate MCP, Skills, and CLI
Gate Skills Hub
10K+ Skills
From office tasks to trading, the all-in-one skill hub makes AI even more useful.
Breaking: RWA perpetual contract platform Ostium on Arbitrum hacked for $18 million! Leaked oracle private key causes trouble
A major security incident has reportedly surfaced in the Arbitrum ecosystem! Ostium, a decentralized perpetual contract platform focused on real-world assets (RWA) and aiming for long-term sustainability, was hit by a hack after the leakage of an Oracle private key. Hackers maliciously manipulated prices, causing losses of up to $18 million USDC, roughly 35% of the platform’s treasury funds. The official team is currently urgently launching an investigation. (Backgrounder: Dragonfly partner: DeFi “hacker doomsday” failed to materialize—the annualized amount stolen in 2026 was only $1.89 billion) (Additional background: Robinhood founder livestreamed seed phrases! Hackers trade Meme coins, and trading volume surges $20 million)
Table of contents
Toggle
The security defenses in the decentralized finance (DeFi) space are once again facing a severe test. On July 15, 2026, Taipei time, the RWA perpetual contract platform Ostium deployed on the Arbitrum network suffered a serious security vulnerability, allowing hackers to massively drain its liquidity vault.
Oracle private key leaked, hackers raked in 900% gains
According to preliminary investigations by multiple blockchain security firms including Blockaid, the core issue of this attack was not a code vulnerability in the smart contract itself, but a fatal lapse in “Oracle secret key management.” The attacker is suspected to have obtained the private key of the Oracle signer, thereby bypassing system verification and submitting arbitrarily manipulated price data.
The hackers used an already registered forwarder (PriceUpKeep forwarder) to submit future-dated authorized oracle reports, forging favorable asset prices for themselves. The method was: first use a small amount of USDC to open a Bitcoin (BTC) long position, then submit a low-price report to open the position, and submit a high-price report to close it, instantly triggering the platform’s configured maximum 900% profit cap. Through delegated actions, the attackers repeated this loop about 20 times, continuously extracting funds from the liquidity vault.
Loss exceeds $18 million, funds have been dispersed and moved
Arbiscan on-chain data shows that the attack caused Ostium’s main liquidity vault to lose approximately $11.86 million to $18 million USDC. The large loss is about 35% of the platform’s total treasury size (more than $34 million). Currently, the hackers have converted part of the stolen funds into Ether (ETH) and dispersed them across multiple wallet addresses in an attempt to evade tracking.
Secured $27.8 million in funding from top firms; officials urgently investigating
Ostium is a decentralized perpetual contract platform focused on non-crypto assets such as stocks, commodities, foreign exchange, and indices. Its non-crypto assets account for more than 95% of its open interest, and it uses oracle services such as Stork Network. The platform has performed impressively in the past: cumulative trading volume has surpassed $50 billion, and it has previously raised as much as $27.8 million from top venture capital firms including General Catalyst, Jump Crypto, and Coinbase Ventures.
As of the time of publication, the Ostium team is still carrying out a full investigation into the incident and has not released a complete official post-incident review report. The official team urged users to closely monitor its official channels such as X (formerly Twitter) and Discord for the latest announcements to obtain subsequent withdrawal instructions and security updates. The incident once again serves as a warning sign for the entire RWA and DeFi space, highlighting the absolute importance of oracle secret key management and real-time monitoring mechanisms.