A bug in the protocol’s newly implemented iBTC-aUSD liquidity pool leaves the door wide open for mining hackers.
Polkadot Pavilion on the Promenade at the World Economic Forum in Davos, Switzerland (Sandali Handagama / CoinDesk)
Acala’s native decentralized finance (DeFi) stablecoin, aUSD, depends on Sunday, plummeting 99% after hackers exploited a bug in a newly deployed liquidity pool to mine 1.28 billion token.
- After noticing the mining, the Acala team disabled the transfer function of the “mistakenly minted aUSD” remaining on the Acala parachain.
- An attacker’s alleged wallet still contains around 1.27 billion aUSD.
- Online investigators have shown that the attacker who mined 1.28 billion aUSD was not the only one taking advantage of this bug – several other users allegedly stole thousands of dollars worth of DOTs. from the liquidity pool.
- Launched earlier this year, aUSD successfully kept its soft peg to the US dollar until the hack. After the attack, the price of one USD dropped from about $1.03 per token to $0.009.
- It is not yet clear how Acala will resolve the error or whether the aUSD peg can be reinstated.