Acala Recovers Majority of Erroneously Minted Tokens

  • The platform has so far recovered around 2.97 billion aUSD tokens from the 16 addresses that exploited a bug in its smart contracts.
  • The recovery was possible as 99% of the stablecoin’s “error mints” remained on Acala’s Polkadot parachain after the network was put in maintenance mode.
recovery

Shutterstock

Decentralized finance (DeFi) platform Acala has recovered almost all aUSD tokens that were minted during a security incident on its Polkadot parachain last Sunday, the project said via Twitter on 17 August.

According to the announcement, Acala’s team has been able to recover around 2.97 billion aUSD tokens from the 16 addresses that exploited a bug in one of Acala’s smart contracts on 14 August. Although the team behind the project was quick to place the network under maintenance mode — pausing all token swaps, xcm, oracle pallet price feeds, and other functions — these addresses were still able to mint more than 3 billion aUSD tokens, which crashed the price of the stablecoin by 99%.

Acala’s initial investigation found that 99% of the “erroneously minted aUSD” tokens remained on its Polkadot parachain, and that only a small portion of these tokens was swapped for ACA and other tokens on the network.

Only a day after the incident, Acala’s team had already recovered 1.292 billion aUSD tokens from the traced addresses. The community then swiftly passed a governance vote to have the “error mints” burned, with the ultimate goal of restoring aUSD’s 1:1 peg to the U.S. dollar.

Acala’s latest update revealed the team had recovered another 1.682 billion aUSD, which is also expected to be burned before the team restores the network’s operations. The team continues to trace the remaining 48 million aUSD — which were swapped for other tokens and transferred to different blockchains — though their recovery seems uncertain.

The swift actions taken by Acala’s team have allowed the stablecoin to recover to an extent, with aUSD changing hands for $0.9 at the time of writing.

Discussion
Related Coverage
Unibot to Compensate Users Affected by Exploit
  • Popular Telegram bot Unibot, which is used to snipe trades on Uniswap, became a victim of a token approval exploit earlier today, when it was switching to a new router.
  • After confirming the exploit, Unibot assured users that their keys and wallets were safe, and that the project will compensate all affected users.
October 31, 2023, 3:01 PM
unlock

Shutterstock

Balancer Exploited After Giving Warning
  • DeFi protocol Balancer confirmed it was exploited almost a week after disclosing a critical vulnerability affecting several of its boosted pools.
  • The platform did its best to mitigate some of the risks but was unable to pause the affected pools, and an estimated $980,000 in DAI were stolen in an attack.
Zunami Protocol’s Stablecoin Pools Exploited, Suffers $2.1M Loss
  • DeFi yield aggregator Zunami Protocol confirmed that a hacker had attacked its “zStables” pools on Curve Finance using a price manipulation exploit.
  • Security firm PeckShield has estimated that over $2.1 million was lost during the attack, while SlowMist said it had informed Zunami of the vulnerability two months ago.