Acala Recovers Majority of Erroneously Minted Tokens

  • The platform has so far recovered around 2.97 billion aUSD tokens from the 16 addresses that exploited a bug in its smart contracts.
  • The recovery was possible as 99% of the stablecoin’s “error mints” remained on Acala’s Polkadot parachain after the network was put in maintenance mode.
recovery

Shutterstock

Decentralized finance (DeFi) platform Acala has recovered almost all aUSD tokens that were minted during a security incident on its Polkadot parachain last Sunday, the project said via Twitter on 17 August.

According to the announcement, Acala’s team has been able to recover around 2.97 billion aUSD tokens from the 16 addresses that exploited a bug in one of Acala’s smart contracts on 14 August. Although the team behind the project was quick to place the network under maintenance mode — pausing all token swaps, xcm, oracle pallet price feeds, and other functions — these addresses were still able to mint more than 3 billion aUSD tokens, which crashed the price of the stablecoin by 99%.

Acala’s initial investigation found that 99% of the “erroneously minted aUSD” tokens remained on its Polkadot parachain, and that only a small portion of these tokens was swapped for ACA and other tokens on the network.

Only a day after the incident, Acala’s team had already recovered 1.292 billion aUSD tokens from the traced addresses. The community then swiftly passed a governance vote to have the “error mints” burned, with the ultimate goal of restoring aUSD’s 1:1 peg to the U.S. dollar.

Acala’s latest update revealed the team had recovered another 1.682 billion aUSD, which is also expected to be burned before the team restores the network’s operations. The team continues to trace the remaining 48 million aUSD — which were swapped for other tokens and transferred to different blockchains — though their recovery seems uncertain.

The swift actions taken by Acala’s team have allowed the stablecoin to recover to an extent, with aUSD changing hands for $0.9 at the time of writing.

Discussion
Related Coverage
Acala Network’s aUSD Stablecoin Falls 99% After Exploit
  • A bug in Acala Network’s newly launched iBTC/aUSD liquidity pool allowed an attacker to mint close to 1.3 billion aUSD tokens, causing its price to drop by 99%.
  • The protocol’s team quickly put the network in maintenance mode, freezing the funds in the attacker’s wallet, and is now discussing ways to restore aUSD’s peg to the U.S. dollar.
August 15, 2022, 11:22 AM
hacked

Shutterstock

Curve Finance Finds and Resolves Site Exploit
  • The DeFi platform told its users it had “found and reverted” a frontend exploit only an hour after it was first reported.
  • The attacker apparently used a DNS spoofing attack to clone curve.fi’s website, and redirect the DNS points to his IP address.
Slope Wallet Likely Tied to Solana’s Exploit
  • Solana developers claimed an investigation found no evidence that the protocol or its cryptography were compromised in the widespread exploit.
  • The investigation, however, discovered that the affected wallets were either “created, imported, or used” in Slope’s mobile app at one point in time.