Ostium Suffers a $18 Million Attack Due to a Stolen Oracle Key

robot
Abstract generation in progress
CoinJie.com news: The Ostium platform was hit by an attack worth $18 million after its stolen oracle key was compromised. The attacker obtained the private key used to sign Ostium’s price oracle reports, and used it to push false price data to Ostium’s automated system, making its trades appear profitable. Within a few hours, the attacker carried out around 20 switch-trade cycles, pulling approximately $11.86 million to $18 million in USDC out of the Vault, about 28% of the Vault’s $63 million total value locked. Blockaid discovered and publicly flagged the incident. Ostium then paused trading, freezing all positions and user funds to carry out an investigation. Ostium had raised $27.8 million from multiple investors and handled more than $50 billion in cumulative trading volume. Despite multiple audits, the attack succeeded because the vulnerability existed in the oracle infrastructure.
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 3
  • 1
  • Share
Comment
Add a comment
Add a comment
GasFeeDetective
· 7h ago
Another private key leak—how come a core component like an oracle didn’t have adequate protection?
View OriginalReply0
MobilePay
· 7h ago
Raised $27.8 million in financing, with a trading volume of $50 billion; the result is that a single oracle key could be used to siphon away $18 million—auditing was nothing but a joke.
View OriginalReply0
  • Pinned