Polkadot ecosystem’s stablecoin Acala ($aUSD) suffered an exploit over the weekend that led to a malicious actor minting $1.2 billion out of thin air. The Acala team “paused” operations via an emergency governance proposal to investigate the issue.
On August 15, a governance proposal was submitted to “effectively burn” $1.288 billion aUSD following the release of an on-chain report from the Acala Council.
$1.2 billion of aUSD printed by a hacker overnight and barely a peep in my timeline.
Things feel more bearish to me than the market is pricing at this particular moment.
We’ve got a lot of work to do. https://t.co/HE2MGlXk0d
— Mike 🌪️as (🏌️♂️, ⛳️) (@mdudas) August 14, 2022
Acala initially notified users of the issue around 3 AM BST on August 14, stating that they were working to “mitigate the issue.” The source of the exploit was publicly reported by 1 PM BST on August 14, just 10 hours later. The announcement confirmed that over 99% of the “erroneously minted aUSD [remained] on Acala parachain.”
We have identified the issue as a misconfiguration of the iBTC/aUSD liquidity pool (which went live earlier today) that resulted in error mints of a significant amount of aUSD
1/— Acala (@AcalaNetwork) August 14, 2022
Within the Twitter thread that identified the exploit’s cause, Acala stated that it had identified the “wallet addresses that received the erroneously minted aUSD… with on-chain activity tracing” in progress.
The misconfiguration has since been rectified and wallet addresses that received the errorneously minted aUSD have been identified, with on-chain activity tracing in respect of these addresses underway
2/— Acala (@AcalaNetwork) August 14, 2022
Regarding the potential impact on the broader Polkadot ecosystem, Victor Young, the Founder and Chief Architect at Analog, commented that
“I still believe that Polkadot’s infrastructure is secure by design… the same cannot be said about Acala Network, an application-specific chain customized to power liquidity, economic activity, and stable coin utility on the platform.
In my view, we’ll continue to see more of these attacks because many dApp developers don’t put in the legwork when defining their code’s security properties. Even if the smart contract is audited, the code may not be foolproof.”
Governance framework and leadership
The Acala Network is committing to a community governance proposal to decide the resolution to the incident. Currently,…
Click Here to Read the Full Original Article at Stablecoins News | CryptoSlate…