An attacker compromised Ostium Protocol's oracle signer on Arbitrum and used the PriceUpKeep forwarder to submit future-dated authorized price reports, manipulating asset prices to extract ~$24M.
On July 15, 2026, Ostium Protocol, an Arbitrum-based perpetual DEX, was exploited for approximately $24M after an attacker compromised the protocol's oracle signer. The attacker gained control of the authorized signer key used to submit price updates to Ostium's on-chain oracle contracts. Rather than submitting fabricated prices directly, the attacker abused the protocol's own PriceUpKeep forwarder — a keeper-style contract designed to relay signed oracle reports on-chain — to inject manipulated price data with future-dated timestamps that the contract accepted as authorized reports.\n\nThe PriceUpKeep forwarder mechanism was intended to automate the delivery of off-chain signed price reports to the on-chain oracle, but the forwarder trusted the signer's authorization without independently validating report freshness or temporal plausibility. By submitting future-dated authorized reports, the attacker could pre-position trades against prices that had not yet materialized on any legitimate market, opening large perpetual positions at favorable synthetic prices and then closing them at the manipulated valuations to extract the protocol's reserves. The exploit was detected by on-chain monitoring and security firms including CertiK and PeckShield, which traced the manipulated reports and the subsequent fund movement.\n\nThe attacker rapidly swapped the extracted stablecoin and native-asset proceeds into approximately 12,000 ETH across Arbitrum and Ethereum, then routed 10,540 ETH through Tornado Cash in batches to obscure the trail. The scale and sophistication of the operation — compromising an authorized signer, abusing a keeper forwarder, and laundering through Tornado — pointed to a well-resourced actor with prior knowledge of Ostium's oracle architecture.
The attacker converted extracted proceeds into approximately 12,000 ETH and routed 10,540 ETH through Tornado Cash in batched deposits to break the on-chain link between the exploit and the final holding wallets. The remaining ETH was dispersed across multiple fresh wallets. No recovery has been reported at the time of writing; the Tornado Cash routing significantly complicates forensic tracing.
N/A