Acala trace report reveals 3B aUSD erroneously minted

High-profile security incidents continue to be a theme in 2022, with the Acala network joining a long list of stricken platforms to fall prey to exploits.

The Acala USD (aUSD) token, which acts as a native stablecoin for the Polkadot and Kusama blockchains, saw its value plummet 99% after a misconfiguration of the iBTC/aUSD liquidity pool was exploited after its launch on Sunday. Initial estimates from Acala noted that 1.2 billion aUSD was minted without the necessary collateral, seeing the token’s value depeg from its 1:1 peg with the U.S. dollar to a bottom of $0.01.

Acala put its network in maintenance mode to freeze funds and eventually managed to recoup a significant portion of the uncollateralized tokens. The Acala community proposed and voted on a referendum to identify and destroy the erroneously minted tokens to return its dollar peg to parity at $1.

1,288,561,129 aUSD minted on 16 different accounts was returned to the network’s Honzon protocol to be burned. Another 4,299,119 erroneously minted aUSD remaining in the iBTC/aUSD reward pool was also destroyed.

While the cryptocurrency community considers whether the Acala Network took the right decision to essentially freeze its network, the stablecoin was able to be repegged in a short turnaround, with the community playing its role in the chosen path to undo the exploit.

Interlay, a service that allows users to wrap Bitcoin (BTC) to iBTC and then use it across decentralized finance platforms, was drawn into the situation, as the iBTC/aUSD pool was chiefly affected by the exploit. Cointelegraph reached out to Interlay to ascertain the details of the incident and lessons to be taken forward. Acala, on the other hand, refused to comment.

While investigations are still ongoing, the theory is that the misconfiguration in the iBTC/aUSD pool allowed an attacker to mint an erroneous amount of aUSD. This then led to fears that the attacker would buy iBTC with the illicit aUSD tokens and convert that to BTC — which would have nullified Acala’s ability to recoup the tokens and restore its peg.

Interlay co-founder Alexei Zamyatin told Cointelegraph that the attack did not compromise the protocol despite having direct exposure to the affected liquidity pools:

“Acala did use iBTC in the affected pools alongside other non-Interlay assets, but the incident has not jeopardized Interlay as a network in any way. All system operations have been and remain fully functional.”

The company’s incident trace report is being constantly updated to provide more information regarding the 16 addresses that received erroneously minted rewards.

According to the update, more than 3 billion aUSD was minted and claimed by the 17 flagged liquidity provider addresses. Following the Acala community referendum, some 1.29 billion was burned while another 1.6 billion aUSD minted in error remains on these 16 addresses on the Acala parachain.

Similar Posts