Ostium loses $18 million in oracle attack that gamed its own price-feed infrastructure



An attacker drained approximately $18 million in USDC from Ostium’s liquidity vault on Arbitrum in an oracle manipulation exploit detected by blockchain security firm Blockaid, onchain data shows.

According to Blockaid’s alert, the attacker leveraged a registered PriceUpKeep forwarder, a component of Ostium’s automated infrastructure, to submit oracle price reports with future-dated timestamps. The manipulated reports created the appearance of profitable trades, which triggered an $18 million USDC payout from the vault.

Ostium is a decentralized perpetuals exchange on Arbitrum that allows users to trade real-world assets including commodities, forex, and equity indices, with up to 200x leverage, settling in USDC.

Ostium uses a custom price-feed system to track real-world asset prices, with a third-party automation network called Gelato responsible for pushing those prices onchain at the right moments. A smart contract called PriceUpKeep sits at the center of that process, acting as the trigger that writes the latest price data to the blockchain whenever a trade needs to be executed.



Source link

Beyoncé Sparkles in Custom Yankees Tee, Levins Shorts, and $150 DBleuDazzled Crystallized Fishnets at Jay-Z’s 30th Anniversary Celebration

Andy Burnham fails to rule out imposing a ‘wealth tax’ on Britons as scrutiny-dodging PM-in-waiting finally faces questions on his plans… from Gary Lineker

Leave a Reply

Your email address will not be published. Required fields are marked *