AllPolicy6Stablecoins4BTC1AI Agents2Tokenization4Ethereum2DeFi4Payments2Security2
Tracked since July 15 at 18:23 · 3 analyses · Updated July 17 at 20:22

Ostium exploited for $18M USDC; SummerFi winds down after exploit - DeFi security concerns resurface

Ostium, a perp DEX on Arbitrum, suffered an $18M USDC vault exploit. The attacker used a registered PriceUpKeep forwarder and future-dated oracle reports to create artificial trade profit. Funds were swapped to ETH and laundered via Tornado Cash. Separately, SummerFi (Lazy Summer Protocol) announced it is winding down after a recent exploit, citing the stakes and costs of providing secure DeFi access.

  • Ostium exploited for $18M USDC via oracle manipulation
  • Exploiter swapped 23.75M USDC for 12,084 ETH, laundered through Tornado Cash
  • Ostium halted trading after exploit
  • SummerFi winding down after exploit, shutting down UI
  • Both incidents within 48 hours (July 15-16)

Two significant DeFi exploits in a short period, including one that shut down a long-standing protocol (SummerFi), highlights ongoing security risks in DeFi. These events may trigger renewed focus on oracle security, vault design, and insurance. It also shows that even established protocols can be vulnerable.

Tracked since July 16 at 12:13 · 1 analyses · Updated July 18 at 08:20

ZachXBT states all hardware wallets are 'complete garbage', recommends separate iPhone

ZachXBT posted that all hardware wallets are garbage and a separate iPhone is safer for signing. Roman Storm agreed, noting the lack of BIP39 passphrase support in mobile wallets. The thread sparked debate on wallet security.

  • ZachXBT called all hardware wallets garbage, recommends separate iPhone.
  • Roman Storm agreed, citing missing BIP39 passphrase on mobile apps like MetaMask, TrustWallet, Rabby.
  • AirGap Vault is the only mobile app with passphrase support, per Storm.
  • Tayvano proposed a 3-signer multisig setup with dedicated iPhone.
  • Other voices criticized the single-point-of-failure of a single device.

Highlights a known gap in mobile wallet security that many users face, and calls attention to the need for better passphrase support and multisig solutions on mobile.

Disclaimer

ZHIL provides automated market research and commentary for information only. It is not investment, trading, legal, or tax advice, nor an offer, solicitation, or recommendation. Crypto assets involve substantial risk. Verify information independently and make your own decisions.

Third-party accounts and source links are identified only for attribution and commentary. Rights remain with their respective owners. ZHIL is not affiliated with, sponsored by, or endorsed by X or any cited account. AI-generated analysis may be incomplete, outdated, or wrong.