The decentralized exchange protocol Ostium paused all trading on July 16 and advised users to revoke contract approvals. The reason is that blockchain security firms Blockaid and CertiK reported that Ostium’s OLP liquidity vault appears to have been attacked in connection with oracle-related systems. The two companies separately estimated losses of about $18 million and $22 million.
Ostium Official Statement: Trading Paused and Recommendation to Revoke Contract Approvals
On X, Ostium said it immediately halted trading across the entire platform after detecting abnormalities in the OLP liquidity vault. According to Ostium’s official post, the protocol has taken the following three response measures:
Pause all platform trading: After detecting vault abnormalities, it stopped all trading activity immediately
Release user safety guidance: Stating that “user safety is the top priority,” it recommended that all users temporarily revoke contract approvals
Launch an internal investigation: The team is investigating the cause of the incident and has not yet independently verified the loss amount or the nature of the attack
Blockaid and CertiK’s Loss Estimates: $18 Million to $22 Million
Blockchain security firm Blockaid estimated losses from the incident at about $18 million, while CertiK estimated about $22 million. Both companies attributed the attack to a breach of Ostium’s oracle system; this system provides external asset price data for the protocol and is a core piece of infrastructure for on-chain perpetual contract settlement.
Ostium’s official statement said the estimate figures above have not been independently verified by the protocol, and the investigation is still ongoing.
DeFi Security Backdrop for 2026: Losses Exceed $630 Million in April (Single Month)
DeFiLlama data shows that in April 2026, crypto hacker attacks caused losses of about $630 million, the highest monthly figure since February 2025. Of this total, the combined KelpDAO and Drift Protocol attack incidents accounted for more than 80% of that month’s losses. Security researchers said recent DeFi attacks show a shift from vulnerabilities in smart contract code to attacks on off-chain infrastructure such as oracle systems, privileged access, and key management.
In a research report released in April 2026, a JPMorgan analyst said bridge security is a key challenge for the structured adoption of DeFi. In an interview with Cointelegraph in May 2026, Symbiotic co-founder and Statemind CEO Misha Putiatin said that the risk of hacker attacks is difficult to quantify, which is one of the reasons institutional investors’ acceptance of DeFi returns remains constrained.
FAQ
Has Ostium resumed trading?
As of the time of this article’s publication (July 16, 2026), Ostium has not released an announcement about resuming trading; the latest status is subject to updates from Ostium’s official X account.
Why do the two security firms’ loss estimates differ?
Blockaid estimated about $18 million, while CertiK estimated about $22 million. The discrepancy comes from each company using different on-chain data analysis methods and different scopes for loss calculation. Ostium’s official statement said neither figure has been independently verified by the protocol.
What major changes have occurred in the main targets of recent DeFi attacks?
Security researchers said recent attackers have shifted toward off-chain infrastructure such as oracle systems, privileged access, and key management—not simply exploiting code vulnerabilities in smart contracts. In this Ostium incident, the oracle system was compromised, matching the attack trend recorded by the researchers.