Acala Network Resumes Full Operations After Exploit

Almost two months after experiencing a major security exploit, Polkadot’s Acala parachain has finally completed the final step in its plan to resume all operations, the platform said via Twitter on 5 October.

Back in August, decentralized finance (DeFi) platform Acala Network suffered from a security exploit due to a code misconfiguration in a liquidity pool smart contract, which allowed liquidity providers to “error mint” more than 3 billion aUSD. Shortly after the exploit was detected, Acala’s team suspended all activities on the network through an emergency governance vote, with 99% of the “erroneously minted aUSD” remaining on the Acala parachain.

Days later, the Acala team revealed they had recovered around 2.97 billion aUSD tokens that were minted during the security incident, which were promptly burned after a community vote was passed. The platform then adopted a phased approach to resuming its operations, with each phase requiring approval from a governance vote to be executed.

The first step was taken on 26 September, when the Acala team allowed liquidity providers to unstake or withdraw their liquidity from the network. On 29 September, the community referendum for phase 2 was passed, allowing vault owners to manage their debt positions to ensure they were safe before liquidations were enabled. Other services, such as DEX trading, transfers, LDOT instant redeem, xcm, and EVM+ were also enabled through that vote.

Today, the Acala team finally completed phase 3 of their plan, enabling oracles, liquidation, and CDP borrowing on the network. The team had previously said that all aUSD tokens in circulation were fully backed 1:1 by crypto assets, noting that all error mints had been recovered with the exception of 5.8 million tokens, which were re-collateralized by the team using their own funds.