Attack on Acala Network results in stolen 1.2 billion AUSD


In 2022, many stablecoins depegged from their dollar value. This year, various currencies, such as the Alpaca USD (AUSD) from the Polkadot network, dropped below a U.S. penny before recovering to around $0.95 within hours. According to reports, the Acala protocol was compromised, allowing an attacker to make 1.2 billion AUSD.

In addition to USDT, DAI, and a few others, several stablecoins experienced poor performance in terms of their U.S. dollar value throughout the year. The collapse of the Terra ecosystem resulted in the entire crypto-economy losing around $40 billion. Following the collapse of the Terra ecosystem, various other stablecoins, such as the Waves' Neutrino USD, Abracadabra's magic internet money, and Tron's USDD, dropped below $1.

Although Terra's USTC never regained its $1 peg, other stablecoins, such as USDT, MIM, USDN, and USDD, all changed their dollar value to around 99 cents on August 14, 2022. On the same day, the Acala USD from the Polkadot network lost its dollar peg. According to data from coinmarketcap.com, the currency's price dropped to around $0.006383 on Sunday. After briefly rising to the upper range of the market's price, the price of the currency immediately fell to $0.01165.

Shortly before the value of AUSD started to plummet, the Acala Network announced on its Twitter page that it had detected a configuration issue affecting the Honzon protocol. The team behind the project then decided to suspend the network's operations to investigate and resolve the issue.

In response to the issue, Changpeng Zhao, the CEO of cryptocurrency exchange Binance, revealed on Twitter that the ACALA protocol had been compromised. He said the attacker's wallet reportedly held over a billion AUSD.

97/100
Multibank Review
Visit Site
96/100
Capital.com Review
Visit Site
96/100
Markets.com Review
Visit Site

'Misconfiguration' results in error mints

Multiple reports claimed that a hacker could access the Acala network and successfully make 1.2 billion AUSD. This caused the stablecoin to de-pegate. However, hours later, Acala revealed that the issue was caused by a misconfiguration in the liquidity pool of the iBTC network. The team also said that the issue resulted in a significant amount of AUSD mistakenly minted.

After addressing the issue, the team said that it had identified the wallets that received the incorrectly issued AUSD tokens. The team added that it was working on an on-chain investigation to determine the amount of AUSD that was mistakenly issued.

The team also said that the AUSD tokens that were mistakenly issued had been transferred to the other Acala parachain native tokens. Despite this, the dollar value of AUSD still remained at around $0.01159. According to market data provider coinmarketcap.com, the currency's value had remained relatively stable.

Attack on Acala might continue

Despite the team's efforts to resolve the issue, it has been reported that other decentralized applications were also affected by the attack. These apps were typically targeted by hackers who looked for potential vulnerabilities in smart contracts.

Victor Young, the founder of blockchain startup Analog, said that the Acala issue highlighted the vulnerability in the design of parachains. He compared the issue with the exposure in the relay chain of the PolkaDot.

Young also said that the issue could potentially be replicated in other decentralized applications in the future if the developers of smart contracts fail to regularly check their codes.

"In my view, we'll continue to see more of these attacks because many dApp developers don't put in the legwork when defining their code's security properties. Even if the smart contract is audited, the code may not be foolproof. In this regard, developers and QA experts need to continuously evaluate to ensure the code achieves its objectives," Young said.