Prices From the Future Fool the Oracle, Ostium Drained of $24 Million in Five Minutes

marsbitPublicado em 2026-07-17Última atualização em 2026-07-17

Resumo

Ostium, a perpetual trading platform, suffered a security incident on July 15, resulting in significant losses from its public liquidity vault. Initial analyses from Blockaid, Cyvers, and PeckShield estimate losses of up to $24 million. The exploit occurred over a five-minute window. According to security firms, the core issue was not a missing signature, but a data integrity failure: a registered price oracle (PriceUpKeep) submitted authorized price reports with manipulated future timestamps, creating false trading profits. The protocol’s verification process confirmed the signatures as authorized but did not enforce price sanity checks or timestamp boundaries, allowing the manipulated data to be accepted for settlement. This caused the liquidity vault to pay out on these fraudulent profits. Ostium’s co-founder confirmed the team paused trading within an hour and is collaborating with law enforcement and security experts. The extracted funds were reportedly swapped for ETH, with a portion moved to Tornado Cash. The incident highlights risks in DeFi oracle designs where cryptographic signature verification is insufficient without additional safeguards for data validity, timestamp freshness, and price reasonableness. Ostium's response and planned fixes—including stricter timestamp validation, independent price checks, and circuit breakers—will be critical to preventing similar exploits.

Author: CryptoSlate

Compiled by: Deep Tide TechFlow

Deep Tide Insights: This is not missing signatures, but rather authorized signers submitting price data "from the future." When verification passes but the data itself is toxic, where is the DeFi protocol's moat? Ostium has yet to publish final loss accounting and a post-mortem report, leaving huge questions about signer privilege abuse.

On-chain perpetual trading platform Ostium reported that a five-minute security incident caused losses to its public liquidity vaults. Security firms estimate the size of the exploit at up to $24 million.

Co-founder Kaledora Kiernan-Linn confirmed the issue occurred between 14:18 and 14:23 UTC on July 15, affecting the public Ostium Liquidity Provider (OLP) vaults. She stated the team identified the problem within minutes and coordinated a trading halt within an hour. The statement did not provide an exact total loss, root cause, or final post-mortem report.

Security firms say the heart of the issue is *authorized* data, not missing signatures. Blockaid and Cyvers reported that a registered PriceUpKeep forwarder submitted authorized oracle reports with future dates, creating phantom trading profits.

SlowMist said authorized signers provided manipulated data with valid signatures, used for repeated profitable trades. These descriptions remain third-party findings, pending confirmation in Ostium's post-mortem.

Cryptographic attestation can confirm a report was signed by a permitted key. But price reasonableness, timestamp freshness, and settlement security require separate controls.

The OstiumVerifier code linked from Ostium's security documentation recovers the ECDSA signer and checks if the signer is authorized, but this verification function does not enforce price reasonableness tests or timestamp boundaries.

The code does not appear to indicate which implementation version was active during the incident, or if separate contracts applied these checks. Any timestamp, replay, price deviation, or multi-source safeguards must have been run elsewhere in the execution path.

Even if the share price is static, tokenized stocks as collateral can fail

Ostium's protocol documentation states that OLP vaults hold trader collateral and pay winning trades instantly on-chain. If false profits were accepted for settlement, the vault's liquidity footed the bill for those payments.

Public estimates climbed as tracking continued. Blockaid placed the payout near $18 million, Cyvers estimated $23.7 million, and PeckShield later described around $24 million being drained.

SlowMist's lower figure of $11.86 million appears to track a single 11,862,444.782 USDC vault outflow visible in the transaction it cited.

SummerFi DeFi's new exploit shows AI automation now overrides smart contract risk

PeckShield said the withdrawn USDC was swapped for 12,080 ETH, with 10,540 ETH having entered Tornado Cash as of its update. Kiernan-Linn said Ostium is working with law enforcement, SEAL 911, and third-party security experts.

This mechanism distinguishes Ostium from a similar issue at Hedera lending protocol Bonzo Lend four days earlier. Bonzo's incident report stated its verifier accepted a proof without a valid signature. In Ostium's case, security firms claim the reports passed the authorized signer path: authentication succeeded, but the data was allegedly unsafe.

How a zero-signature oracle unlocked $9 million from Hedera DeFi lending protocol Bonzo Lend

Ostium still needs to confirm whether the signer key was compromised, an authorized operator acted maliciously, or another privileged path was abused.

Its fixes will be judged by whether signer isolation, strict timestamp boundaries, independent price checks, rate limiting, and circuit breakers can prevent one trusted path from turning a few minutes of bad data into yet another vault payout.

Perguntas relacionadas

QWhat is the core security issue that led to the exploitation of the Ostium protocol, according to the article?

AThe core issue was not missing signatures, but the submission of authorized oracle reports containing 'future' price data by a registered PriceUpKeep forwarder. The verification process checked for authorized signers but failed to validate the reasonableness of the price data and timestamp freshness, allowing fraudulent profit claims to be settled.

QWhat was the estimated financial loss to Ostium's public liquidity vault during the five-minute incident?

ASecurity estimates varied, but the figure widely reported was approximately $24 million. Blockaid initially estimated close to $18 million, Cyvers estimated $23.7 million, and PeckShield later described about $24 million being drained.

QHow does the Ostium exploit differ from the recent security incident on Bonzo Lend, as mentioned in the article?

AThe Bonzo Lend incident involved its verifier accepting a proof without a valid signature. In contrast, the Ostium exploit involved oracle reports that *did* have valid signatures from an authorized signer, meaning the authentication succeeded, but the data within the report itself was manipulated and fraudulent.

QWhat are some of the proposed fixes or improvements mentioned to prevent similar incidents in the future?

AThe article suggests that Ostium's response will be judged on its implementation of measures like signer isolation, strict timestamp boundaries, independent price checks, rate limiting, and circuit breakers to prevent a trusted path from being abused to drain the vault.

QWhat happened to a significant portion of the stolen funds after the exploit?

AAccording to PeckShield, the extracted USDC was swapped for 12,080 ETH, and at the time of their update, 10,540 ETH of that had been sent to the privacy mixer Tornado Cash.

Leituras Relacionadas

The Price of DeFi Mass Adoption: Understanding the Profit Distribution and Hidden Risks of Aave Stable Vaults

**Title:** The Price of DeFi Mass Adoption: Understanding Aave Stable Vaults' Profit Distribution and Hidden Risks **Summary:** Aave Labs' new "Stable Vaults" product aims to simplify DeFi for mainstream users by offering fixed yields, a rarity in crypto. The model inserts a middleman layer between users and Aave's underlying lending pools. This layer, often a fintech app or digital bank, absorbs interest rate volatility, guaranteeing users a pre-set stable return while capturing any excess yield from Aave's underlying pools. In exchange for this predictable "peace of mind" and services like customer support and simplified onboarding, users sacrifice potential higher yields and take on new counterparty risks from the operating entity and its infrastructure. The article illustrates this with the example of payroll provider Rise, which transparently passes through most Aave yield, versus the higher profit margins possible through Stable Vaults. While a rational trade-off for many non-expert users prioritizing simplicity and security, the system centralizes risk and obfuscates true market yields. Aave benefits by attracting sticky, non-speculative capital crucial for its long-term economic model, highlighting the industry's shift towards catering to fundamental human preferences for convenience over complex, self-managed financial systems.

Foresight NewsHá 31m

The Price of DeFi Mass Adoption: Understanding the Profit Distribution and Hidden Risks of Aave Stable Vaults

Foresight NewsHá 31m

Stripe's $53.4 Billion Acquisition of PayPal: The Final Piece of the Stablecoin Empire Puzzle

Stripe has reportedly made a $53.4 billion acquisition offer for PayPal, a move that could signal a major shift in the stablecoin landscape from a "technology race" to a "customer war." Over recent years, Stripe has been quietly building nearly every layer of a stablecoin empire: acquiring the issuance platform Bridge, wallet provider Privy, co-incubating the payments-focused Layer 1 network Tempo with Paradigm, and joining the Open USD (OUSD) alliance stablecoin initiative. What it lacks, however, is a massive direct consumer user base. PayPal, with its hundreds of millions of active accounts, the Venmo app, and its own PYUSD stablecoin, would provide exactly that. The acquisition could create a closed-loop system where Stripe handles the merchant side, PayPal/Venmo serve consumers, and transactions are settled via stablecoins on a blockchain like Tempo, potentially bypassing traditional card networks and their fees. While the deal is not yet finalized and may face hurdles—including potential resistance from PayPal's board or a higher bid—the mere offer suggests Stripe's strategic focus may have evolved. It indicates that having superior infrastructure alone may not be enough; distribution and user access are critical battlegrounds. Questions remain about how PYUSD, OUSD, and Venmo would integrate with Stripe's stack, and whether private equity co-investor Advent International would prioritize such crypto experiments. If successful, this acquisition could significantly boost Tempo's position in the competitive public blockchain space and further push crypto-based payments into the mainstream, potentially fulfilling PayPal's original vision of an internet-native currency through a new, crypto-native infrastructure.

marsbitHá 44m

Stripe's $53.4 Billion Acquisition of PayPal: The Final Piece of the Stablecoin Empire Puzzle

marsbitHá 44m

Hyperliquid's "Stock Price" for ChangXin Memory Tech Hits $8.64: How Was This Price Determined Before the IPO?

Title: Hyperliquid's "Stock Price" for CXMT Hits $8.64: How is This Pre-IPO Price Determined? Summary: On Hyperliquid, a derivative contract tracking the pre-IPO value of Chinese chipmaker Changxin Xinqiao (CXMT) has been trading, with its price reaching $8.64. This price is not a real stock price or a direct IPO valuation, but the result of a specific market mechanism. Trade.xyz deployed this "Pre-IPO Perpetual" (IPOP) contract via Hyperliquid's HIP-3 framework. It tracks the expected USD value of one Changxin A-share post-listing. The contract started with an artificial "discretionary reference price" of $5 set by Trade.xyz. Subsequent trading prices are primarily determined by supply and demand on Hyperliquid's on-chain order book. Since there's no tradable现货 before the IPO, the contract price isn't forced to align with the official IPO price of 8.66 RMB (~$1.28). Key mechanics shape the price: 1. **Order Book-Driven**: The actual成交价 comes from limit orders matched on-chain. 2. **Internal Oracle & Smoothing**: An internal oracle, run by Trade.xyz, calculates a smoothed price based on the order book's "impact price" using a 30-minute exponential moving average (EWMA). This oracle price influences funding rates. 3. **Mark Price for Risk**: A separate Mark Price, derived from the median of the internal oracle and other inputs, is used for calculating profit/loss and liquidation. 4. **Discovery Bound (Price护栏)**: A 20% "Discovery Bound" limits how far the price can move from the current reference point. However, if the price hits the bound, the reference price can be re-anchored upward (or downward) up to 7 times. This explains the阶梯状 jumps to $6, $7.2, and $8.64. 5. **Low Funding Rate**: A minimal funding rate (0.005 multiplier) allows positions to be held with low cost before the IPO, but it provides a weak anchor. Post-IPO, the contract is expected to convert to a standard stock perpetual, with its oracle switching to the actual A-share price converted to USD. This transition could cause price jumps and potential liquidations if there's a significant gap between the pre-IPO contract price and the real market price. In essence, the $8.64 price is a composite of: a人为设定的起点 + on-chain order book supply/demand +内部 oracle 平滑 + low funding rate damping + a moving price护栏. It represents a collective bet by specific market participants on the future public market valuation, not the company's current or official IPO price.

marsbitHá 45m

Hyperliquid's "Stock Price" for ChangXin Memory Tech Hits $8.64: How Was This Price Determined Before the IPO?

marsbitHá 45m

Trading

Spot
活动图片