MultiversX Tracker is Live!

$18M Ostium Vault Exploit Drains Arbitrum Protocol

CryptoNinjas

Cryptocoins News / CryptoNinjas 20 Views

Key Takeaways:

  • Ostium Vault lost about $18 million USDC in an exploit on Arbitrum.
  • The attacker abused authorized oracle reports and a registered PriceUpKeep forwarder. 
  • Blockaid identified the exploit and shared the attacker’s transaction and wallet details.

An exploit targeting the Ostium Vault has resulted in an estimated $18 million USDC loss on Arbitrum. Blockchain security firm Blockaid said the attacker manipulated the protocol’s oracle flow to generate artificial trading profits before withdrawing funds from the vault.

How the Ostium Vault Exploit Worked

According to Blockaid, the attacker did not rely on a conventional smart contract vulnerability. Instead, the exploit combined two legitimate protocol components in an unintended way.

The attacker used a registered PriceUpKeep forwarder together with future-dated authorized oracle reports to fabricate profitable trading conditions. These reports manipulated allowed the protocol to account for gains which were non-existent resulting in a $18m plus payout of the USDC in the vault.

Since these reports were already approved, the exploit skirted regular expectations of data integrity. The incident shows the danger of an attack surface that is trusted oracle infrastructure that does not include abnormal input in validation logic.

Read More: SecondFi Exploit Exposes Private Keys as ADA Wallet Flaw Puts Millions at Risk

Ostium’s Focus on Tokenized Real-World Assets

ostium

Ostium is a decentralized perpetual trading protocol which helps individuals enter the real-world asset (RWA) markets without requiring access to a centralized hub of a central authority.

The project has garnered significant support from cryptocurrency and venture capital investors such as General Catalyst, Jump Crypto, Coinbase Ventures, Wintermute and GSR, with them raising around $27.8 million to invest in the development.

Platforms that process RWAs are becoming more appealing to malicious attackers, as institutions begin to see the value in tokenizing their assets and rely on complex pricing mechanisms for them.

Read More: $5.87M Ethereum Exploit Hits TrustedVolumes as 1inch Denies Any Protocol Breach

Oracle Security Remains a Critical Challenge

The Ostium incident is a reminder that while smart contract code is critical, it’s not all that’s needed for a successful decentralized finance project. Today, protocol security no longer just relies on Oracle systems, automation applications, and off-chain data verification.

Most popular DeFi apps use external price feeds and automated execution services to execute trades and determine balances for users. If such systems can be exploited via legitimate, but badly handled inputs, attackers can steal money without exploiting common coding weaknesses.

As DeFi protocols grow to institutional-level products and tokens representing real-world scenarios, it is vital to ensure their oracles and execution methods are properly validated to safeguard investors’ funds, said the exploit.

The post $18M Ostium Vault Exploit Drains Arbitrum Protocol appeared first on CryptoNinjas.


Get BONUS $200 for FREE!

You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.



Comments