Polkadot-Powered Stablecoin Tanks As Hackers Mint 1.3B Tokens 

Hackers minted themselves 1.3 billion aUSD tokens on Sunday, sending the dollar-pegged stablecoin as low as $0.07 on KuCoin

article-image

Acala deity in Buddha Tooth Relic Temple in Singapore | Source: Shutterstock

share

key takeaways

  • Hackers attacked Acala’s new liquidity pool to mint more than one billion aUSD tokens
  • aUSD crashed almost immediately but has since rebounded, now trading above $0.90

Polkadot-powered stablecoin acala dollar (aUSD) crashed to below 10 cents on Sunday after hackers minted 1.3 billion of the tokens for free.

The stablecoin’s issuing network Acala voted to suspend functionality to address the situation. In a tweet on Sunday, Acala said it noticed a configuration issue on its stablecoin protocol Honzon, which directly affects how aUSD operates.

Acala, one of the first Polkadot parachains, styles itself as a “DeFi hub” for the network. It had just launched a yield-bearing liquidity pool for aUSD and a form of wrapped bitcoin, which contained a bug dictating how the pool pays out rewards.

On-chain observers found hackers had exploited the flaw to mint 1.3 billion aUSD, with one attacker wallet holding about 1.27 billion aUSD. 

The incident resulted in aUSD, which had held its soft peg since its February launch, crashing as low as $0.07 on KuCoin, echoing TerraUSD’s collapse in May. 

However, aUSD quickly rebounded and now trades for more than $0.90. Blockchain explorers show aUSD’s official supply is almost 4.8 million tokens.

While Acala’s Honzon protocol manages the stablecoin based on various risk management algorithms, aUSD’s value is also derived from a basket of reserve assets, mostly Polkadot ecosystem tokens. Users can mint aUSD by sending certain digital assets to the protocol.

“This enables people to transact, trade, and facilitate services using aUSD without price volatility,” it said in aUSD’s announcement post.

Polkadot networks handle hackers with governance votes

Acala has labeled the snafu a “misconfiguration,” saying it had been rectified the same day and wallet addresses that received the erroneously-minted aUSD had been identified.

The network itself hasn’t disclosed the amount of tokens printed throughout the incident, but said it managed to retain over 99% of the tokens involved.

The remaining illicit aUSD has been locked until a collective governance decision on what to do next has been voted upon, Acala added.

Loading Tweet..

Last October, experimental Polkadot implementation Kusama similarly voted to manage a security vulnerability involving stolen tokens.

Both Acala Network and co-founder Bette Chen didn’t return Blockworks’ request for comment by press time.

Acala’s ACA has shed about 13% since the attack. Binance CEO Changpeng Zhao said in a tweet that the exchange was “monitoring” the situation. Binance doesn’t list aUSD but does support ACA trade.

David Canellis contributed reporting.


Get the day’s top crypto news and insights delivered to your email every evening. Subscribe to Blockworks’ free newsletter now.


Want alpha sent directly to your inbox? Get degen trade ideas, governance updates, token performance, can’t-miss tweets and more from Blockworks Research’s Daily Debrief.


Can’t wait? Get our news the fastest way possible. Join us on Telegram and follow us on Google News.


Tags

upcoming event

MON - WED, MARCH 18 - 20, 2024

Digital Asset Summit (DAS) is returning March 2024. This year’s event will be held in our nation’s capital, where industry leaders, policymakers, and institutional experts will come together to discuss the latest developments and challenges in the ever-evolving world of cryptocurrency. […]

upcoming event

MON - WED, SEPT. 11 - 13, 2023

2022 was a meme.Skeptics danced, believers believed.Eventually, newcomers turned away, drained of liquidity and hope.Now, the tide is shifting and it’s time to rebuild. Permissionless II is the brainchild of Blockworks and Bankless. It’s not just a conference, but a call […]

recent research

Cosmos Hub: ATOM Economic Zone

Research

Replicated Security, the Hub’s Validation-as-a-Service offering that went live in March, is the first step in bringing value accrual to ATOM stakers.

/

article-image

Bitcoin price predictions are meaningless, so let’s expend our prediction energy on something that actually matters

article-image

A new complaint against Elon Musk and Tesla alleges that Musk manipulated both bitcoin and dogecoin

article-image

Kenya’s central bank doesn’t seem enamored by the idea of a CBDC but hasn’t slammed the door shut yet

article-image

Both Ethereum and Solana have enjoyed vibrant DeFi environments, but this has not yet been the case for Cosmos

article-image

As Japan takes important step forward on stablecoins, industry participants say, proposed US laws around such crypto assets remain in flux

article-image

Stablecoins offer global financial access and on-chain transactions without limitations, while FedNow falls short in terms of utility, global reach and inclusivity