Acala Network’s aUSD Stablecoin Falls 99% After Exploit
- A bug in Acala Network’s newly launched iBTC/aUSD liquidity pool allowed an attacker to mint close to 1.3 billion aUSD tokens, causing its price to drop by 99%.
- The protocol’s team quickly put the network in maintenance mode, freezing the funds in the attacker’s wallet, and is now discussing ways to restore aUSD’s peg to the U.S. dollar.
Shutterstock
The native stablecoin of decentralized finance (DeFi) platform Acala Network, aUSD, dropped in price by 99% after an attacker exploited a bug in a newly launched liquidity pool and minted almost 1.3 billion tokens.
The Acala team revealed on 14 August that there was a configuration issue with the Honzon protocol that affected aUSD, and that they were “passing an urgent vote to pause operations on Acala” while the issue was investigated. The move has paused several features — such as token swaps, xcm, oracle pallet price feeds, and other — until further notice.
Shortly after, Acala noted that a hacker had taken advantage of a bug on the newly launched iBTC/aUSD liquidity pool, with blockchain data showing he was able to mint close to 1.3 billion aUSD tokens without collateral, which caused the price of the stablecoin to crash by 99%.
The Acala team has already confirmed that the bug had been fixed and the wallet addresses connected to the attack identified. Preliminary on-chain tracing has shown that 99% of the “erroneously minted aUSD” have remained on the Acala parachain, and that only a small portion of the tokens have been swapped for ACA and other tokens on the Acala parachain.
The team behind the project has already shared an incident trace report with the community as to “facilitate formulation of community proposal & decision making” to resolve the issue, and restore aUSD’s peg to the U.S. dollar.
- Popular Telegram bot Unibot, which is used to snipe trades on Uniswap, became a victim of a token approval exploit earlier today, when it was switching to a new router.
- After confirming the exploit, Unibot assured users that their keys and wallets were safe, and that the project will compensate all affected users.
Shutterstock
- DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
- The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.
- DeFi yield aggregator Zunami Protocol confirmed that a hacker had attacked its “zStables” pools on Curve Finance using a price manipulation exploit.
- Security firm PeckShield has estimated that over $2.1 million was lost during the attack, while SlowMist said it had informed Zunami of the vulnerability two months ago.