Acala recovers 2.97 billion of aUSD stablecoin minted during exploit

Quick Take

  • Acala has recovered 2.97 billion aUSD following the security incident on its Polkadot parachain.
  • The team traced 16 addresses that minted more than 3 billion aUSD after misusing a protocol misconfiguration.

Acala, a parachain project on Polkadot, says it has recovered about 2.97 billion from 16 addresses that minted 3 billion Acala USD (aUSD) in a security incident last Sunday.

The incident occurred due to a code error in one of Acala's smart contracts that managed the iBTC/aUSD liquidity pool. The error allowed some Acala liquidity providers to mint its native stablecoin and illegitimately move them into their control.

Per the team, 99% of these “error mints” remained within addresses on the Acala network. This team halted the Acala chain and was able to freeze addresses that held the minted stablecoin.

After placing the network in maintenance mode on Monday, the team was able to recover 1.292 billion aUSD. This sum was burned following a swift passing of a governance vote.

In its latest update, the team has recovered another 1.682 billion aUSD, which increased the overall recovered sum to 2.974 billion aUSD. This additional sum of 1.682 billion aUSD is expected to be burned as well before the team restores back its network. Meanwhile, 48 million aUSD hasn’t been recovered yet, which includes the minted aUSD that was swapped and transferred to other blockchains.

The incident caused tremendous volatility in the price of aUSD. It momentarily plummeted to less than 0.01, losing more than 99% of its value on Sunday. The stablecoin has since recovered and is changing hands at $0.90 at the time of writing.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.