Acala Network Hackers Printed $1.2 Billion in AUSD Tokens

Reading Time: 2 minutes
  • A hack on the Acala network over the weekend saw $1.2 billion in AUSD tokens minted
  • The network was quickly halted so the coins could not be cashed out
  • This has raised more questions over the concept of decentralisation

A hack on the Acala network over the weekend saw 1.2 billion of the network’s stablecoin AUSD minted before the network could be halted, crashing the dollar-pegged coin by over 99%. The hack, which took place on Sunday, has been blamed on a “misconfiguration of the iBTC/aUSD liquidity pool” which had gone live just hours prior to the hack. Acala was able to freeze the funds on the network, making them useless to the hackers, an action which led many to complain that Acala wasn’t truly decentralised as it claimed.

Acala Paused Operations to Secure the Network

Acala informed its community early on Sunday morning that it had been compromised, stating that it had “pause operations on Acala, while we investigate and mitigate the issue.” The funds were immediately frozen while Acala looked into what happened, updating its community some 12 hours later:

In the update, Acala blamed the hack on a misconfiguration of its new liquidity pool, with the addresses that received the erroneously minted AUSD tokens logged and frozen. Acala gave addresses where anyone in receipt of the stolen tokens could send them before announcing that it would “continue on-chain activity trace, and share the results with the community to facilitate formulation of community proposal & decision making to resolve the error mint of aUSD & restore aUSD peg.”

Decentralised or not Decentralised?

Whie Acala’s ability to stop the hack by freezing parts of the network may have saved the project from obliteration, its claim to be a “native decentralized stablecoin” has, naturally, come under scrutiny.

A truly decentralised project shouldn’t have the ability to freeze anything on a network, but as we are finding out more and more these days, projects that call themselves decentralised are either only partially so, or not at all.