The Acala hack saw over a billion USD stablecoins minted from thin air, but now community member...
The Acala hack saw over a billion USD stablecoins minted from thin air, but now community members are wondering how a decentralized protocol would handle the clean-up.
The Acala Network’s a USD stablecoin depegged by over 99% over the weekend and forced the Acala team to pause a hacker’s wallet, raising concerns about its claim of being decentralized.
On Aug. 14, a hacker took advantage of a bug on the iBTC/aUSD liquidity pool, resulting in 1.2 billion USD being minted without collateral.
This event crashed the USD-pegged stablecoin to a cent, and in response, the Acala team froze the erroneously minted tokens by placing the network in maintenance mode.
The move also halted other features such as swaps, xcm (cross-chain communications on Polkadot), and the oracle pallet price feeds until “further notice.”
While the move to put the network in maintenance mode and freeze funds in the hacker’s wallet may have been meant to protect users and the network from further harm, proponents of decentralization have cried foul.
Acala is a cross-chain decentralized finance (DeFi) hub that issues the aUSD stablecoin based on the Polkadot (DOT) blockchain.
aUSD is a crypto-backed stablecoin that Acala claims is censorship-resistant. iBTC is a wrapped Bitcoin (BTC) used in DeFi protocols.
Community members have noted the irony of Acala’s claims about aUSD’s censorship resistance since the protocol swiftly froze funds. Twitter user Gr33nHatt3R.
dot pointed out on Aug. 14 that decisions "would have to go to governance to be 'decentralized' finance." “If Acala centrally controls that decision, is this DeFi?”
A member of the project’s Discord channel usafmike proposed rolling back the chain to reverse the token mints altogether,
but was challenged by skylordafk.dot, another member who said such an action would “set a harmful precedent.”
As of the time of writing, the network was still in maintenance mode to block all token transfers, but the team confirmed that the bug had been fixed.
The wallets that received erroneously minted aUSD have been identified, and 99% of them were still on Acala, which leaves the possibility that the community may retrieve them if it votes to do so.
The Acala exploit is the second major one in a week as Curve Finance (CRV) experienced an attack on its front end on Aug. 9, directing users to approve a malicious contract.
Acala’s problem differs from Curve’s as the latter’s pools were not compromised as users who directly interacted with its intelligent contracts experienced no issues.
aUSD is the latest stablecoin to lose its peg in the past few months, starting notoriously with Terra USD (UST) in May,
which has since been renamed to Terra Classic USD (USTC). Other notable depegs include Tether (USDT) and Dei (DEI). - cointelegraph