Author: CryptoSlate
Compiled by: Deep Tide TechFlow
Deep Tide Insights: This is not missing signatures, but rather authorized signers submitting price data "from the future." When verification passes but the data itself is toxic, where is the DeFi protocol's moat? Ostium has yet to publish final loss accounting and a post-mortem report, leaving huge questions about signer privilege abuse.
On-chain perpetual trading platform Ostium reported that a five-minute security incident caused losses to its public liquidity vaults. Security firms estimate the size of the exploit at up to $24 million.
Co-founder Kaledora Kiernan-Linn confirmed the issue occurred between 14:18 and 14:23 UTC on July 15, affecting the public Ostium Liquidity Provider (OLP) vaults. She stated the team identified the problem within minutes and coordinated a trading halt within an hour. The statement did not provide an exact total loss, root cause, or final post-mortem report.
Security firms say the heart of the issue is *authorized* data, not missing signatures. Blockaid and Cyvers reported that a registered PriceUpKeep forwarder submitted authorized oracle reports with future dates, creating phantom trading profits.
SlowMist said authorized signers provided manipulated data with valid signatures, used for repeated profitable trades. These descriptions remain third-party findings, pending confirmation in Ostium's post-mortem.
Cryptographic attestation can confirm a report was signed by a permitted key. But price reasonableness, timestamp freshness, and settlement security require separate controls.
The OstiumVerifier code linked from Ostium's security documentation recovers the ECDSA signer and checks if the signer is authorized, but this verification function does not enforce price reasonableness tests or timestamp boundaries.
The code does not appear to indicate which implementation version was active during the incident, or if separate contracts applied these checks. Any timestamp, replay, price deviation, or multi-source safeguards must have been run elsewhere in the execution path.
Even if the share price is static, tokenized stocks as collateral can fail
Ostium's protocol documentation states that OLP vaults hold trader collateral and pay winning trades instantly on-chain. If false profits were accepted for settlement, the vault's liquidity footed the bill for those payments.

Public estimates climbed as tracking continued. Blockaid placed the payout near $18 million, Cyvers estimated $23.7 million, and PeckShield later described around $24 million being drained.
SlowMist's lower figure of $11.86 million appears to track a single 11,862,444.782 USDC vault outflow visible in the transaction it cited.
SummerFi DeFi's new exploit shows AI automation now overrides smart contract risk
PeckShield said the withdrawn USDC was swapped for 12,080 ETH, with 10,540 ETH having entered Tornado Cash as of its update. Kiernan-Linn said Ostium is working with law enforcement, SEAL 911, and third-party security experts.
This mechanism distinguishes Ostium from a similar issue at Hedera lending protocol Bonzo Lend four days earlier. Bonzo's incident report stated its verifier accepted a proof without a valid signature. In Ostium's case, security firms claim the reports passed the authorized signer path: authentication succeeded, but the data was allegedly unsafe.
How a zero-signature oracle unlocked $9 million from Hedera DeFi lending protocol Bonzo Lend
Ostium still needs to confirm whether the signer key was compromised, an authorized operator acted maliciously, or another privileged path was abused.
Its fixes will be judged by whether signer isolation, strict timestamp boundaries, independent price checks, rate limiting, and circuit breakers can prevent one trusted path from turning a few minutes of bad data into yet another vault payout.





