Polkadot-Powered Stablecoin Tanks As Hackers Mint 1.3B Tokens 

Hackers minted themselves 1.3 billion aUSD tokens on Sunday, sending the dollar-pegged stablecoin as low as $0.07 on KuCoin

article-image

Acala deity in Buddha Tooth Relic Temple in Singapore | Source: Shutterstock

share

key takeaways

  • Hackers attacked Acala’s new liquidity pool to mint more than one billion aUSD tokens
  • aUSD crashed almost immediately but has since rebounded, now trading above $0.90

Polkadot-powered stablecoin acala dollar (aUSD) crashed to below 10 cents on Sunday after hackers minted 1.3 billion of the tokens for free.

The stablecoin’s issuing network Acala voted to suspend functionality to address the situation. In a tweet on Sunday, Acala said it noticed a configuration issue on its stablecoin protocol Honzon, which directly affects how aUSD operates.

Acala, one of the first Polkadot parachains, styles itself as a “DeFi hub” for the network. It had just launched a yield-bearing liquidity pool for aUSD and a form of wrapped bitcoin, which contained a bug dictating how the pool pays out rewards.

On-chain observers found hackers had exploited the flaw to mint 1.3 billion aUSD, with one attacker wallet holding about 1.27 billion aUSD. 

The incident resulted in aUSD, which had held its soft peg since its February launch, crashing as low as $0.07 on KuCoin, echoing TerraUSD’s collapse in May. 

However, aUSD quickly rebounded and now trades for more than $0.90. Blockchain explorers show aUSD’s official supply is almost 4.8 million tokens.

While Acala’s Honzon protocol manages the stablecoin based on various risk management algorithms, aUSD’s value is also derived from a basket of reserve assets, mostly Polkadot ecosystem tokens. Users can mint aUSD by sending certain digital assets to the protocol.

“This enables people to transact, trade, and facilitate services using aUSD without price volatility,” it said in aUSD’s announcement post.

Polkadot networks handle hackers with governance votes

Acala has labeled the snafu a “misconfiguration,” saying it had been rectified the same day and wallet addresses that received the erroneously-minted aUSD had been identified.

The network itself hasn’t disclosed the amount of tokens printed throughout the incident, but said it managed to retain over 99% of the tokens involved.

The remaining illicit aUSD has been locked until a collective governance decision on what to do next has been voted upon, Acala added.

Loading Tweet..

Last October, experimental Polkadot implementation Kusama similarly voted to manage a security vulnerability involving stolen tokens.

Both Acala Network and co-founder Bette Chen didn’t return Blockworks’ request for comment by press time.

Acala’s ACA has shed about 13% since the attack. Binance CEO Changpeng Zhao said in a tweet that the exchange was “monitoring” the situation. Binance doesn’t list aUSD but does support ACA trade.

David Canellis contributed reporting.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

recent research

Research Report Templates (8).png

Research

Meta-aggregators like Titan and Kamino Swap improve price execution for users, making the Solana swapping landscape more competitive. Jupiter has incorporated meta-aggregation features into its latest routing engine to keep users on its front end (own the user, own the flow). At large, teams are treating swaps as a commoditized complement, offering incredibly cheap or free swaps to own the end-user and increase demand for high-margin product offerings (multi-product DeFi). On another note, the divergence in the concentration of aggregator volume between DEXs suggests increased specialization at the DEX layer by asset type.

article-image

Inflation ticked up, but less than expected

article-image

OS1 is set to disappear next week, and some traders aren’t happy

article-image

Total stablecoin supply sits at $249 billion

article-image

Why nobody can ever truly “win” Bitcoin mining

article-image

Privy said it would still operate as an “independent product” despite the acquisition

article-image

Franklin Templeton’s Roger Bayston tells Blockworks that stablecoins and market funds ‘complement’ each other