Arbitrum’s Ostium perpetual RWA platform lost nearly $18 million today after attackers compromised its oracle signing key and manipulated prices.
The root cause was the private key of the compromised Oracle website. This allowed the attacker to bypass checks and offer favorable future prices. They executed about 20 recursive trades through delegated actions, instantly profiting at the expense of the protocol without real market exposure.
The exploit drains a third of the vault within hours
The incident was first reported by security firm Blockaid on July 15, 2026. The attacker used a registered PriceUpKeep freight forwarder and future-dated certified Oracle reports to generate artificial trading profits. This led to recurring opening and closing loops that drained funds from Ostium’s main liquidity vault.
Follow us on XTo get the latest news as it happens
On-chain data shows approximately $11.86 million – $18 million USD extracted from the vault, representing approximately 32-35% of the total TVL value of approximately $34 million at the time of the attack. The underlying exploit transaction can be publicly verified on Arbiscan.
Ostium is a leading decentralized perpetual exchange focused on real-world assets โ stocks, commodities, forex and indices โ built on Arbitrum.
Big support faces a big setback
The protocol has raised nearly $27.8 million from major investors including General Catalyst, Jump Crypto, Coinbase Ventures, Wintermute, and GSR. Despite strong institutional support and multiple audits, the incident exposes persistent risks in Oracle-based RWA infrastructure.
The exploitation is under active investigation. Users should monitor official channels for withdrawal instructions and security updates. This event highlights the need for robust oracle key management and real-time monitoring in hybrid DeFi protocols.
With the rapid growth of the perpetual RWA sector, this hack serves as a timely reminder: even well-funded projects remain vulnerable to private key and oracle attacks. Expect increased scrutiny on similar platforms in the coming weeks.
this post Ostium Perp DEX Made $18 Million in Brutal Oracle Exploit appeared first on BeInCrypto.





