Ostium suspends trading due to a suspected oracle attack; estimated losses are about $22 million

DRIFT1.17%

The decentralized exchange protocol Ostium paused all trading on July 16 and advised users to revoke contract approvals. The reason is that blockchain security firms Blockaid and CertiK reported that Ostium’s OLP liquidity vault appears to have been attacked in connection with oracle-related systems. The two companies separately estimated losses of about $18 million and $22 million.

Ostium Official Statement: Trading Paused and Recommendation to Revoke Contract Approvals

On X, Ostium said it immediately halted trading across the entire platform after detecting abnormalities in the OLP liquidity vault. According to Ostium’s official post, the protocol has taken the following three response measures:

Pause all platform trading: After detecting vault abnormalities, it stopped all trading activity immediately

Release user safety guidance: Stating that “user safety is the top priority,” it recommended that all users temporarily revoke contract approvals

Launch an internal investigation: The team is investigating the cause of the incident and has not yet independently verified the loss amount or the nature of the attack

Blockaid and CertiK’s Loss Estimates: $18 Million to $22 Million

Blockchain security firm Blockaid estimated losses from the incident at about $18 million, while CertiK estimated about $22 million. Both companies attributed the attack to a breach of Ostium’s oracle system; this system provides external asset price data for the protocol and is a core piece of infrastructure for on-chain perpetual contract settlement.

Ostium’s official statement said the estimate figures above have not been independently verified by the protocol, and the investigation is still ongoing.

DeFi Security Backdrop for 2026: Losses Exceed $630 Million in April (Single Month)

DeFiLlama data shows that in April 2026, crypto hacker attacks caused losses of about $630 million, the highest monthly figure since February 2025. Of this total, the combined KelpDAO and Drift Protocol attack incidents accounted for more than 80% of that month’s losses. Security researchers said recent DeFi attacks show a shift from vulnerabilities in smart contract code to attacks on off-chain infrastructure such as oracle systems, privileged access, and key management.

In a research report released in April 2026, a JPMorgan analyst said bridge security is a key challenge for the structured adoption of DeFi. In an interview with Cointelegraph in May 2026, Symbiotic co-founder and Statemind CEO Misha Putiatin said that the risk of hacker attacks is difficult to quantify, which is one of the reasons institutional investors’ acceptance of DeFi returns remains constrained.

FAQ

Has Ostium resumed trading?

As of the time of this article’s publication (July 16, 2026), Ostium has not released an announcement about resuming trading; the latest status is subject to updates from Ostium’s official X account.

Why do the two security firms’ loss estimates differ?

Blockaid estimated about $18 million, while CertiK estimated about $22 million. The discrepancy comes from each company using different on-chain data analysis methods and different scopes for loss calculation. Ostium’s official statement said neither figure has been independently verified by the protocol.

What major changes have occurred in the main targets of recent DeFi attacks?

Security researchers said recent attackers have shifted toward off-chain infrastructure such as oracle systems, privileged access, and key management—not simply exploiting code vulnerabilities in smart contracts. In this Ostium incident, the oracle system was compromised, matching the attack trend recorded by the researchers.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments