An attacker drained roughly $18 million in USDC from Ostium’s liquidity vault on Arbitrum in an oracle manipulation exploit detected by blockchain safety agency Blockaid, onchain information exhibits.
In keeping with Blockaid’s alert, the attacker leveraged a registered PriceUpKeep forwarder, a element of Ostium’s automated infrastructure, to submit oracle value studies with future-dated timestamps. The manipulated studies created the looks of worthwhile trades, which triggered an $18 million USDC payout from the vault.
Ostium is a decentralized perpetuals change on Arbitrum that permits customers to commerce real-world property together with commodities, foreign exchange, and fairness indices, with as much as 200x leverage, settling in USDC.
Ostium makes use of a customized price-feed system to trace real-world asset costs, with a third-party automation community known as Gelato answerable for pushing these costs onchain on the proper moments. A sensible contract known as PriceUpKeep sits on the middle of that course of, appearing because the set off that writes the newest value information to the blockchain each time a commerce must be executed.


