Polkadot-Based Acala USD Depegs 70% Following $1 Billion Hack

Key Takeaways:

• A bug in the iBTC/AUSD pool allowed hackers to issue an additional 1.2 Acala Dollar (AUSD) billion tokens.
• aUSD dropped by over 70% following the attack.

DeFi protocols are now increasingly subjected to hacks and scams. Polkadot’s leading DeFi protocol, Acala, is now the latest victim of it.

Acala, which hosts the aUSD ecosystem, took to Twitter to confirm that the network has faced an exploit adding that operations have been halted following the rise of “configuration issues” on the network.

“We have noticed a configuration issue of the Honzon protocol, which affects aUSD. We are passing an urgent vote to pause operations on Acala, while we investigate and mitigate the issue. We will report back as we return to normal network operation.”, the tweet reads.

ACALA protocol is currently under compromised. Apparently there was a bug in the iBTC/AUSD pool and attacker wallet now holds over a billion $AUSD. We are monitoring. (AUSD is not listed on Binance) https://t.co/jRHmqLYeI8

— CZ ???? Binance (@cz_binance) August 14, 2022

Hours after the attack, Acala tweeted that the issue was a misconfiguration of the iBTC/aUSD liquidity pool that resulted in error mints of a significant amount of aUSD.

It added that the misconfiguration is now rectified, and wallet addresses that received the erroneously minted aUSD have been identified, with on-chain activity tracing in respect of these addresses underway.

Meanwhile functions including swap, xcm, honzon-related etc on Acala have been paused via urgent governance votes until further notice; the oracle pallet has also been paused so that users do not need to concern liquidations in between time.
7/

— Acala (@AcalaNetwork) August 14, 2022

A bug allegedly caused the hack in the iBTC/AUSD pool. The security vulnerability allowed the attacker to issue an additional 1.2 Acala Dollar (AUSD) billion tokens. The exploit further caused the stablecoin to depeg almost 70%.

The dip in price is more notable since aUSD recently hit a high of $1.03 for the first time since June 30th. The native stablecoin of the Polkadot ecosystem aUSD was launched in February and is minted through the Collateralized Debt Positions (CDPs) system. 

The AUSD stablecoin is backed by a plethora of collateral reserve assets, touting itself as the multi-chain version of the Ethereum-based Dai (DAI) stablecoin. It exists alongside the ACA (Acala Token) government token, whose value has also declined by over 12% due to the exploit.

The latest Acala exploit is only a reminder of the increasing vulnerabilities and bugs within DeFi protocols. According to Blockchain security firm Certik’s latest report, DeFi, and Web3 have seen $2 billion lost to hacks, scams, and exploits in 2022. Last week, CurveFinance, lost approximately $570,000 owing to an exploit. Earlier this year, Fortress- another DeFi lending protocol, also lost around $3 million to hackers.