Breaking: RWA perpetual contract platform Ostium on Arbitrum hacked for $18 million! Leaked oracle private key causes trouble

A major security incident has reportedly surfaced in the Arbitrum ecosystem! Ostium, a decentralized perpetual contract platform focused on real-world assets (RWA) and aiming for long-term sustainability, was hit by a hack after the leakage of an Oracle private key. Hackers maliciously manipulated prices, causing losses of up to $18 million USDC, roughly 35% of the platform’s treasury funds. The official team is currently urgently launching an investigation. (Backgrounder: Dragonfly partner: DeFi “hacker doomsday” failed to materialize—the annualized amount stolen in 2026 was only $1.89 billion) (Additional background: Robinhood founder livestreamed seed phrases! Hackers trade Meme coins, and trading volume surges $20 million)

Table of contents

Toggle

  • Oracle private key leaked, hackers raked in 900% gains
  • Loss exceeds $18 million, funds have been dispersed and moved
  • Secured $27.8 million funding from top firms; officials urgently investigating

The security defenses in the decentralized finance (DeFi) space are once again facing a severe test. On July 15, 2026, Taipei time, the RWA perpetual contract platform Ostium deployed on the Arbitrum network suffered a serious security vulnerability, allowing hackers to massively drain its liquidity vault.

Oracle private key leaked, hackers raked in 900% gains

According to preliminary investigations by multiple blockchain security firms including Blockaid, the core issue of this attack was not a code vulnerability in the smart contract itself, but a fatal lapse in “Oracle secret key management.” The attacker is suspected to have obtained the private key of the Oracle signer, thereby bypassing system verification and submitting arbitrarily manipulated price data.

🚨 Blockaid detected an @Ostium Vault exploit on Arbitrum.

An attacker used a registered PriceUpKeep forwarder and future-dated authorized oracle reports to create artificial trade profit, triggering a ~$18M USDC payout from the vault.
More details in 🧵

— Blockaid (@blockaid_) July 15, 2026

The hackers used an already registered forwarder (PriceUpKeep forwarder) to submit future-dated authorized oracle reports, forging favorable asset prices for themselves. The method was: first use a small amount of USDC to open a Bitcoin (BTC) long position, then submit a low-price report to open the position, and submit a high-price report to close it, instantly triggering the platform’s configured maximum 900% profit cap. Through delegated actions, the attackers repeated this loop about 20 times, continuously extracting funds from the liquidity vault.

Loss exceeds $18 million, funds have been dispersed and moved

Arbiscan on-chain data shows that the attack caused Ostium’s main liquidity vault to lose approximately $11.86 million to $18 million USDC. The large loss is about 35% of the platform’s total treasury size (more than $34 million). Currently, the hackers have converted part of the stolen funds into Ether (ETH) and dispersed them across multiple wallet addresses in an attempt to evade tracking.

Secured $27.8 million in funding from top firms; officials urgently investigating

Ostium is a decentralized perpetual contract platform focused on non-crypto assets such as stocks, commodities, foreign exchange, and indices. Its non-crypto assets account for more than 95% of its open interest, and it uses oracle services such as Stork Network. The platform has performed impressively in the past: cumulative trading volume has surpassed $50 billion, and it has previously raised as much as $27.8 million from top venture capital firms including General Catalyst, Jump Crypto, and Coinbase Ventures.

As of the time of publication, the Ostium team is still carrying out a full investigation into the incident and has not released a complete official post-incident review report. The official team urged users to closely monitor its official channels such as X (formerly Twitter) and Discord for the latest announcements to obtain subsequent withdrawal instructions and security updates. The incident once again serves as a warning sign for the entire RWA and DeFi space, highlighting the absolute importance of oracle secret key management and real-time monitoring mechanisms.

ARB-4.07%
RWA-0.42%
USDC0.01%
MEME-1.75%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned