Through a vulnerability of the liquidity pool, attackers were able to issue more than 1,2 billion aUSD

Acala’s stablecoin falls by 95% as a result of an exploit

15.08.2022 - 11:15

429

3 min

What’s new? On August 14, Acala, a DeFi platform, was subjected to a hacker attack, after which the stablecoin Acala Dollar (aUSD) lost its peg to the US dollar. The rate of stablecoin collapsed by 95%, from $1,02 to $0,05. As of August 15, 11:30 UTC, the value of the asset rose to $0,87, according to crypto exchange Binance.

More details about the exploit. On August 14, the Acala team reported a problem with the Honzon protocol configuration affecting aUSD. It was decided to hold an urgent vote to suspend operations on Acala while the problem is investigated and resolved.

On the same day, developers determined that the problem was a misconfiguration of the iBTC/aUSD liquidity pool (which was launched on August 14), which allowed attackers to issue 1,27 billion of the project’s stablecoin, according to Watcher Guru. This amount represents more than 99% of the issued aUSD.

Developers identified the address of the wallet that received stablecoins. The ability to transfer them has been disabled.

Acala is a DeFi smart contract platform compatible with the Ethereum Virtual Machine (EVM) that operates as a Polkadot parachain. It has built-in decentralized finance protocols that application developers can use.

On August 9, hackers stole about 327 ETH (~$570 000 at the time of the hack) from the Curve.Finance DeFi protocol. Developers assured that the vulnerability was discovered and fixed. Citing investigative report results, they noted that the hack was due to DNS cache “poisoning.” Binance later froze the $450 000 stolen from Curve.

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy