Polkadot’s DeFi Hib Acala Suffers Major Exploit, AUSD Drops by 99%


Polkadot’s decentralized finance (DeFi) hub Acala has suffered a major exploit. The hack caused the protocol’s stablecoin, aUSD, to lose 99% of its U.S. dollar peg.  The aUSD stablecoin is a core product of Acala that powers the Polkadot and Kusama ecosystem.

Acala Suffers Major Exploit

According to findings by Twitter user 0xTaysama, the hacker was able to gain access to the network by exploiting a flaw in the iBTC/AUSD pool.

Upon gaining access to the network, the hacker issued more than 1.2 billion aUSD, which led to the stablecoin losing its peg. The funds still sit in the hacker’s wallet and haven’t left the Acala chain.

The Acala team said that they identified a configuration issue with the Honzon protocol, which affected the stablecoin, and that they are passing an urgent vote to cease operations on the network to investigate the issue.

Acala Likely to Recover Funds

0xTaysama explained that, now that Acala has put the network in maintenance mode to prevent the hacker from transferring the funds, they will likely recover the funds as they did on Karura last year. At the time, Karura detected several suspicious XCM transactions that transferred KSM tokens out of its parachain account but were able to quickly recover the transferred funds through a referendum.

While Acala operates on the Polkadot ecosystem, Karura is Acala’s sister network built on Kusama.

DeFi Hacks on the Rise

Meanwhile, as the DeFi space continues to gain traction, one of its major challenges in the market remains the continued security threats. According to research conducted by blockchain analytics platform Chainalysis, 97% of the $1.7 billion worth of cryptocurrencies stolen in the first quarter of this year were taken from DeFi protocols, a 72% rise from 2021.

In June, decentralized lending platform Inverse Finance, suffered its second hack of the year, losing $1.26 million. 

Last week, DeFi protocol Curve Finance was hacked, with the attackers siphoning off $570,000 from the platform. However, the leading cryptocurrency exchange, Binance, later recovered most of the stolen funds.