What happened
Ostium, an Arbitrum-based perpetuals DEX, reported that an attacker compromised an oracle signer key and drained its OLP vault. The platform paused trading and told users to revoke approvals.
The upstream record says the funds were converted to ETH and dispersed. Reported loss estimates range from roughly $18 million to $22 million.
Why it matters
The incident adds to concerns around oracle security and vault exposure in DeFi perpetuals markets. A compromised signer key can become a critical point of failure when it is connected to trading or vault operations.
For users and observers, the immediate issue is the status of Ostium’s pause, its response to the drained vault, and any further details it releases about the compromise.
What to watch next
Watch for an official Ostium update on the trading pause, user approval guidance, the OLP vault, and any recovery or remediation steps. Further on-chain tracing or security findings may also clarify the reported loss amount and movement of funds.
An official Ostium update detailing the trading pause, OLP vault status, approval guidance, and remediation steps.
Upstream references
Digest dated 2026-07-16 · upstream model claude-sonnet-4-6. Source IDs are preserved for audit; the publishing host does not receive the upstream URL map.
- 1
fa8c35e79b9c7e21e0e8670facf5bc64d52c60e6Reference from the upstream research server - 2
7c3a338f7e4587374583f7f3e253d1a4faac6d7bReference from the upstream research server - 3
019d7a6ca8190805dcf19725fcc13b6e0b32f292Reference from the upstream research server - 4
fa8a5f5a24a27c26ac4776b64eba7b5b10081f5aReference from the upstream research server
This quick brief was generated by Terra from a dated upstream research digest. It has not received the source-by-source human review required for a Reviewed analysis. Material limit: The supplied record confirms a reported incident and gives an estimated loss range, but it does not provide the underlying source URLs, a full technical account, or a final verified loss total.