Protocol investigates liquidity vault issue after blockchain security firms flag an exploit.
Photo Credit: Unsplash/FlyD
Blockchain security firms flagged unusual activity involving Ostium's liquidity vault
The decentralised trade protocol Ostium paused trading following reports from two blockchain security companies, Blockaid and CertiK, of an attack on its OLP liquidity vault. The estimated loss from the attack, as per Blockaid, was $18 million (roughly Rs. 173 crore), while that of CertiK was around $22 million (roughly Rs. 212 crore). According to both firms, this incident is believed to be a result of the breach of Ostium's oracle system, which provides the protocol with external price information.
The protocol claims that its team is carrying out an investigation and has yet to confirm the cause of this incident and the estimated losses. Ostium is an on-chain perpetuals exchange that offers 75 trading pairs across stocks, ETFs, commodities, indices, foreign exchange, and cryptocurrencies. It is built on the Arbitrum network. Recent security research has revealed that attackers targeting DeFi protocols have focused on off-chain components, including oracle systems and access controls, and key management rather than exploiting flaws in smart contracts alone.
A Security Update: Trading remains paused following the security incident. User positions remain open and unmodifiable, and trader margin remains unmoved in frozen trading smart contracts. The team will continue to provide updates as they become available regarding a timeline…
— Ostium (@Ostium) July 16, 2026
After Ostium announced on X that it had paused all trading after identifying an issue affecting the vault. It subsequently said: “With user security being our first concern, we recommend that all users temporarily revoke approvals for our contracts until we can further investigate the recent incident.”
Last week, Bonzo Lend, a lending platform for Hedera, suffered through a similar exploit when it incurred losses amounting to $9 million (roughly Rs. 86 crore) due to the exploitation of the SAUCE token that was being used as collateral by the hacker, which allowed the account to borrow assets far beyond the value deposited. This case showed how oracles' malfunctions allow people to use low-value collateral to extract liquidity from lending platforms, despite the fact that the protocol and the underlying blockchain work properly.
The second quarter of 2026 is already the most hacked quarter on record in terms of the number of attacks, with 83 hacks of crypto protocols, per analysis from market insights provider Unfolded based on data from DefiLlama. KelpDAO's $293 million (roughly Rs. 2,774 crore) hack and Drift Protocol's $280 million (roughly Rs. 2,652 crore) exploit were the largest incidents of the quarter.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.
Former Rockstar Games Developer Explains Why GTA 6 Maker Launches Games on PC After Consoles