Ostium Halts Trading After $18M-$22M Exploit Report
CRV
-1.88%
GNO
-7.53%
DOT
-1.87%
TITAN
-8.47%
Decentralized trading protocol Ostium has temporarily halted all trading operations following reports of a significant exploit targeting its OLP liquidity vault. Blockchain security firms Blockaid and CertiK independently reported the incident on Wednesday, citing substantial financial losses that could exceed $20 million.

The Attack and Financial Impact

The two security firms diverged slightly on the extent of the damage. Blockaid estimated the exploit resulted in approximately $18 million in losses, while CertiK placed the figure higher, at around $22 million. Both attributed the compromise to vulnerabilities in Ostium’s oracle system, which supplies external price data to the protocol.

Ostium announced its decision to pause trading on X, stating the team identified an issue affecting its vault. The protocol advised users to temporarily revoke approvals for our contracts until we can further investigate the recent incident to protect user security. The team has not yet confirmed the exact cause or precise financial impact.

Understanding the Target

Built on the Arbitrum network, Ostium operates as an on-chain perpetuals trading platform offering leveraged exposure across 75 trading pairs. The platform covers stocks, ETFs, commodities, indices, foreign exchange, and cryptocurrencies.

The alleged attack on Ostium’s oracle system reflects a troubling trend in DeFi security. Recent exploits increasingly target off-chain infrastructure like oracle systems, privileged access points, and key management rather than focusing solely on flaws within smart contracts themselves.

Broader DeFi Security Crisis

This incident adds to a growing list of high-profile attacks throughout 2025. According to DeFiLlama, crypto hacks accounted for nearly $630 million in losses during April alone, marking the highest monthly total since February 2025.

The scale of vulnerability is striking. Just two exploits — at KelpDAO and Drift Protoco l— accounted for over 80% of April’s total losses, underscoring how concentrated risk remains within the DeFi ecosystem.

Institutional Adoption at Risk

The recurring nature of these attacks raises serious questions about DeFi’s readiness for mainstream adoption. JPMorgan analysts flagged bridge security as a critical bottleneck in an April research note, questioning whether DeFi can scale to support institutional participation.

The sentiment resonates across industry leadership. Misha Putiatin, CEO of smart contract security firm Statemind and co-founder of Symbiotic, told Cointelegraph in May that institutions struggle to quantify hack risk. This makes them reluctant to accept sector returns despite growing interest in blockchain-based finance.

Institutions can’t easily measure their exposure to hacks, Putiatin explained, highlighting a fundamental trust gap between DeFi’s promise and its operational reality.

Investigation Underway

Ostium’s team continues investigating the incident to confirm the exact cause and losses. The outcome will be critical for understanding which vulnerabilities were exploited and informing future security measures across the protocol and the broader DeFi sector.

Follow Hashlytics on Bluesky, LinkedIn, Telegram and X to Get Instant Updates