KuCoin Finds Errors in Acala Exploit Recovery Proposal

Stablecoins

Daniela Kirova

January 31st, 2023

Why trust us

Advertiser Disclosure

A misconfiguration led to an exploit, Acala’s stablecoin lost 99%
Hackers did not send 4.937 million aUSD to KuCoin, but almost twice as much:
Acala reported one million aUSD had been traded on the platform, it was 5.3 million aUSD

Leading crypto exchange KuCoin, which is based in the Seychelles, drew attention to flaws in DeFi network Acala’s community proposal to recover billions of dollars’ worth of aUSD issued by mistake, they posted on their blog.

A misconfiguration led to an exploit in the middle of August, after which Acala’s native stablecoin lost 99% of its value and, subsequently, its peg to the US dollar.

Errors in reported number of aUSD mints sent to KuCoin

KuCoin found mistakes in the reported number of coins sent to and traded on the exchange. Based on data from a list of KuCoin’s aUSD deposit addresses, hackers did not send 4.937 million aUSD to KuCoin, but almost twice as much: 8.03 million aUSD.

The mistake in terms of volume traded was even more pronounced. Acala reported one million aUSD had been traded on the platform, where the actual number was 5.3 million aUSD, more than five times that.

Freezing and burning aUSD can cause “tremendous damage”

KuCoin suggested Acala reconsider the community proposal for recovery based on potentially inaccurate data. The community decided to freeze and burn aUSD tokens after reviewing the data, but this decision could cause “tremendous damage” to Acala users and the aUSD token price, the leading exchange finds.

KuCoin wrote on their blog:

Given the significant difference in the amount of aUSD error mints deemed necessary to re-collateralize, it is suggested that the Acala community reconsider the current proposal together with the Acala Foundation.

The incident explained

In mid-August, hackers mistakenly minted what should have exceeded $3 billion worth of aUSD stablecoins. This happened right before Acala launched its native “censorship-resistant” stablecoin.

Acala (ACA) was aimed at giving rewards for providing liquidity. The community also offered rewards in interlay (INTR). At that time, Acala also launched its crowdsourced iBTC/aUSD liquidity pool.

Acala has recovered 2.97 billion tokens

After the exploit, the Acala community put together a trace report to trace suspicious transfers and locate the 16 wallet addresses involved in the attack. Since then, the network has recovered and burned 2.97 billion of the erroneously minted tokens, which is around 98%.

Acala is still working to trace and recover the rest of the tokens created by the hacker before resuming services, which remain inactive network-wide.

Image ©ralfliebhold/123RF.COM

Contributors

Daniela Kirova

Writer

Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.

Here’s Why Render Token, Arkham, Dogwifhat Prices are Dipping

Crispus Nyaga

Crypto investors seek new opportunity with Bitbot: Here's Why

Benson Toti

46% of Global Crypto Millionaires Attribute Their Wealth to Bitcoin

Elizabeth Kerr