Tracked since July 15 at 18:23 · 3 analyses · Updated July 17 at 20:22
Ostium exploited for $18M USDC; SummerFi winds down after exploit - DeFi security concerns resurface
Ostium, a perp DEX on Arbitrum, suffered an $18M USDC vault exploit. The attacker used a registered PriceUpKeep forwarder and future-dated oracle reports to create artificial trade profit. Funds were swapped to ETH and laundered via Tornado Cash. Separately, SummerFi (Lazy Summer Protocol) announced it is winding down after a recent exploit, citing the stakes and costs of providing secure DeFi access.
- Ostium exploited for $18M USDC via oracle manipulation
- Exploiter swapped 23.75M USDC for 12,084 ETH, laundered through Tornado Cash
- Ostium halted trading after exploit
- SummerFi winding down after exploit, shutting down UI
- Both incidents within 48 hours (July 15-16)
Two significant DeFi exploits in a short period, including one that shut down a long-standing protocol (SummerFi), highlights ongoing security risks in DeFi. These events may trigger renewed focus on oracle security, vault design, and insurance. It also shows that even established protocols can be vulnerable.