Advertisement
New Zealand markets closed

  • NZX 50

    11,796.21
    -39.83 (-0.34%)
     

  • NZD/USD

    0.5897
    -0.0009 (-0.15%)
     

  • NZD/EUR

    0.5535
    -0.0010 (-0.18%)
     

  • ALL ORDS

    7,817.40
    -81.50 (-1.03%)
     

  • ASX 200

    7,567.30
    -74.80 (-0.98%)
     

  • OIL

    83.71
    +0.98 (+1.18%)
     

  • GOLD

    2,404.50
    +6.50 (+0.27%)
     

  • NASDAQ

    17,394.31
    -99.31 (-0.57%)
     

  • FTSE

    7,877.05
    0.00 (0.00%)
     

  • Dow Jones

    37,775.38
    +22.07 (+0.06%)
     

  • DAX

    17,837.40
    +67.38 (+0.38%)
     

  • Hang Seng

    16,237.34
    -148.53 (-0.91%)
     

  • NIKKEI 225

    37,068.35
    -1,011.35 (-2.66%)
     

  • NZD/JPY

    91.0160
    -0.2380 (-0.26%)
     

DeFi Platform Acala’s Stablecoin Falls 99% After Hackers Issue 1.3B Tokens

Cheyenne Ligon, Shaurya Malwa
Updated ·2-min read

Polkadot-based decentralized finance (DeFi) platform Acala’s native stablecoin, aUSD, depegged on Sunday, plummeting 99% after hackers exploited a bug in a newly deployed liquidity pool to mint 1.28 billion tokens.

  • Acala developers said the bug was caused by a misconfiguration of the iBTC/aUSD liquidity pool shortly after it went live on Sunday. A liquidity pool is a digital pile of cryptocurrency locked in a smart contract, which results in creating liquidity for faster transactions on decentralized exchanges (DEX) and DeFi protocols.

  • After noticing the exploit, the Acala team disabled the transfer functionality of the “erroneously minted aUSD” remaining on the Acala parachain. Parachains refer to custom, project-specific blockchains that are integrated within the Polkadot and Kusama networks and can be customized for any number of use cases.

  • A wallet believed to belong to the attacker still contains approximately 1.27 billion aUSD. Acala has asked white-hat hackers to return the stolen funds to Polkadot or Moonbeam addresses.

  • On-chain sleuths have pointed out that the attacker who minted 1.28 billion aUSD was not the only person to take advantage of the bug – several other users allegedly stole thousands of dollars worth of DOT from the liquidity pool.

  • The Twitter account @alice_und_bob estimated that the "damage" was $0 to $10 million, "likely around 1.6M USD with chance of recovery."

  • Launched earlier this year, aUSD successfully held its soft peg to the U.S. dollar until the hack. After the attack, the price of aUSD plunged from roughly $1.03 per token to $0.009.

  • Acala developers said Sunday night that would continue to trace the on-chain activity to resolve the error mint of aUSD and try to restore aUSD peg.

  • Later on Monday, Acala community members created a proposal that would result in the return of all erroneously minted aUSD to the protocol and the tokens later being burnt.

  • Acala did not return requests for comments at press time.

Read more: Acala, VCs Commit $250M for Polkadot DeFi Investments

Read more: Polkadot-Based Acala Raises $7M as DeFi Grabs Land on Another Blockchain

ADVERTISEMENT

UPDATE (Aug. 15, 07:41 UTC): Adds clarifying information throughout.

UPDATE (Aug. 15, 13:10 UTC): Adds details about the community proposal in the seventh bullet.

UPDATE (Aug. 15, 13:10 UTC): Adds estimate of damage from Twitter user @alice_und_bob.