Is Acala Really Decentralized Finance As Claimed? Response to Hack Raises Question.


Photo Source

On Sunday, a hacker took advantage of a bug on the iBTC/aUSD liquidity pool which resulted in 1.2 billion aUSD being minted without collateral. This event crashed the United States dollar-pegged stablecoin to a cent, and in response, the Acala team froze the erroneously minted tokens by placing the network in maintenance mode. The move also halted other features such as swaps, xcm (cross-chain communications on Polkadot), and the oracle pallet price feeds until 'further notice'.

[Newar, B. Network and token freeze after Acala exploit raises questions. (Accessed August 15, 2022).

With it's stablecoin aUSD depegged by 99%, the Network was forced to pause the hacker's wallet which in turn raised the issue concerning its claim of decentralization.

20220815 2.png
20220815 3.png
Photo Source

In the above photo in tweet 4/, note the language: "these errorneously minted aUSD remaining on Acala parachain along with these swapped Acala parachain native tokens have been transfer disabled. (emphasis added); [Acala. Tweet. (Accessed August 15, 2022)].

Acala developers said the bug was caused by a misconfiguration of the iBTC/aUSD liquidity pool shortly after it went live on Sunday. A liquidity pool is a digital pile of cryptocurrency locked in a smart contract, which results in creating liquidity for faster transactions on decentralized exchanges (DEXs) and DeFi protocols. A wallet believed to belong to the attacker still contains approximately 1.27 billion aUSD. Acala has asked white-hat hackers to return the stolen funds to Polkadot or Moonbeam addresses. On-chain sleuths have pointed out that the attacker who minted 1.28 billion aUSD was not the only person to take advantage of the bug – several other users allegedly stole thousands of dollars worth of DOT from the liquidity pool.

[Ligon, C. and Malwa, S. Acala’s Stablecoin Falls 99% After Hackers Issue 1.3B Tokens. (Accessed August 15, 2022)].

"While the decision to put the network into maintenance mode and freeze funds in the hacker’s wallet may have been intended to safeguard users and the network from further harm, decentralisation advocates have slammed the move" [FE Digital Currency. After the Acala exploit, the network and tokens freeze, raising concerns. (Accessed August 15, 2022).

Acala is a cross-chain decentralized finance (DeFi) hub that issues the aUSD stablecoin based on the Polkadot blockchain. aUSD is a crypto-backed stablecoin which Acala claims is censorship-resistant. iBTC is a form of Wrapped Bitcoin (wBTC), which can be used in DeFi protocols. Community members have noted the irony of Acala’s claims about aUSD’s censorship resistance since the protocol froze funds so swiftly. Twitter user pointed out on Aug. 14 that decisions 'would have to go to governance to be ‘decentralized’ finance: 'If Acala centrally controls that decision is this really DeFi? (emphasis added).

[Newar, supra].

As of the time of writing, the network was still in maintenance mode to block all token transfers, but the team confirmed that the bug had been fixed. The wallets that received erroneously minted aUSD have been identified, and 99% of them were still on Acala which leaves the possibility that they may be retrieved by the community if it votes to do so.

[NYZ News Bureau. Network and token freeze after Acala exploit raises questions. (Accessed August 15, 2022).

The hack had thrown crypto twitter group right into a frenzy earlier immediately with many speculating a replay of the UST state of affairs that occurred a couple of months again. It nonetheless appears it’s nothing remotely just like the collapse of the algorithmic secure coin as it’s over-collateralized. Acala defined in its assertion on twitter that the erroneously minted aUSD which instantly depegged the secure coin to lower than 70% of its unique worth stays on its parachain and from the assertion, it appears the scenario shall be salvaged very quickly. Pending Acala group collective governance determination on decision of the error minting, these erroneously minted aUSD remaining on Acala parachain together with these swapped Acala parachain native tokens have been switch disabled. The staff mentioned in its assertion.

[Abigal, V. Not Another UST; Acala Team Shares Positive Update On aUSD Hack. (Accessed August 15, 2022).

"The Acala vulnerability is the second big one in a week, following an attack on Curve Finance’s front end on August 9 that directed users to approve a malicious contract. Acala’s issue differs from Curve’s in that the latter’s pools were not jeopardised, as users who directly dealt with its smart contracts encountered no problems. aUSD is the third stablecoin to lose its peg in recent months, following in the footsteps of Terra USD (UST) in May, which has now been renamed Terra Classic USD (USTC). Tether (USDT) and Dei are two more notable depegs (DEI). [FE Digital Currency, supra].

As of the time of the writing of this article (August 15, 2022 @ 06:21 ET), aUSD has recovered from its low, albeit still below peg, presently trading for $0.9056 per CoinMarketCap. A copy of the aUSD 7-day price chart follows:

20220815 6.png
Photo Source

Posted Using LeoFinance Beta