A bug in the protocol’s newly-deployed iBTC-aUSD liquidity pool left the door wide open for hackers to exploit.
Decentralized finance (DeFi) platform Acala’s native stablecoin, aUSD, depegged on Sunday, plummeting 99% after hackers exploited a bug in a newly-deployed liquidity pool to mint 1.28 billion tokens.
-
After noticing the exploit, the Acala team disabled the transfer functionality of the “erroneously minted aUSD” remaining on the Acala parachain.
-
A wallet believed to belong to the attacker still contains approximately 1.27 billion aUSD.
-
On-chain sleuths have pointed out that the attacker who minted 1.28 billion aUSD was not the only person to take advantage of the bug – several other users allegedly stole thousands of dollars worth of DOT from the liquidity pool.
-
Launched earlier this year, aUSD successfully held its soft peg to the U.S. dollar until the hack. After the attack, the price of aUSD plunged from roughly $1.03 per token to $0.009.
-
It remains unclear how Acala will deal with the error mint or whether the aUSD peg can be restored.