-0.73%
+0.95%
-1.88%
-7.53%
-1.87%
-8.47%
The Attack and Financial Impact
The two security firms diverged slightly on the extent of the damage. Blockaid estimated the exploit resulted in approximately $18 million in losses, while CertiK placed the figure higher, at around $22 million. Both attributed the compromise to vulnerabilities in Ostium’s oracle system, which supplies external price data to the protocol.
Ostium announced its decision to pause trading on X, stating the team identified an issue affecting its vault. The protocol advised users to temporarily revoke approvals for our contracts until we can further investigate the recent incident
to protect user security. The team has not yet confirmed the exact cause or precise financial impact.
Understanding the Target
Built on the Arbitrum network, Ostium operates as an on-chain perpetuals trading platform offering leveraged exposure across 75 trading pairs. The platform covers stocks, ETFs, commodities, indices, foreign exchange, and cryptocurrencies.
The alleged attack on Ostium’s oracle system reflects a troubling trend in DeFi security. Recent exploits increasingly target off-chain infrastructure like oracle systems, privileged access points, and key management rather than focusing solely on flaws within smart contracts themselves.
Broader DeFi Security Crisis
This incident adds to a growing list of high-profile attacks throughout 2025. According to DeFiLlama, crypto hacks accounted for nearly $630 million in losses during April alone, marking the highest monthly total since February 2025.
The scale of vulnerability is striking. Just two exploits — at KelpDAO and Drift Protoco l— accounted for over 80% of April’s total losses, underscoring how concentrated risk remains within the DeFi ecosystem.
Institutional Adoption at Risk
The recurring nature of these attacks raises serious questions about DeFi’s readiness for mainstream adoption. JPMorgan analysts flagged bridge security as a critical bottleneck in an April research note, questioning whether DeFi can scale to support institutional participation.
The sentiment resonates across industry leadership. Misha Putiatin, CEO of smart contract security firm Statemind and co-founder of Symbiotic, told Cointelegraph in May that institutions struggle to quantify hack risk. This makes them reluctant to accept sector returns despite growing interest in blockchain-based finance.
Institutions can’t easily measure their exposure to hacks,
Putiatin explained, highlighting a fundamental trust gap between DeFi’s promise and its operational reality.
Investigation Underway
Ostium’s team continues investigating the incident to confirm the exact cause and losses. The outcome will be critical for understanding which vulnerabilities were exploited and informing future security measures across the protocol and the broader DeFi sector.
Follow Hashlytics on Bluesky, LinkedIn, Telegram and X to Get Instant Updates
