The Acala Network’s aUSD stablecoin depegged by over 99% over the weekend and forced the Acala team to pause a hacker’s wallet, raising concerns about its claim of being decentralized.
On Aug. 14, a hacker tookof a bug on the iBTC/aUSD liquidity pool which resulted in 1.2 billion aUSD being without collateral. This event crashed the USD-pegged stablecoin to a cent, and in response, the Acala team froze the erroneously minted tokens by placing the network in maintenance mode.
The move also halted other features such as swaps, xcm (cross-chain communications on Polkadot), and the oracle pallet price feeds until “further notice”
We have identified the issue as a misconfiguration of the iBTC/aUSD liquidity pool (which went live earlier today) that resulted in error mints of a significant amount of aUSD
— Acala (@AcalaNetwork)
While the move to put the network in maintenance mode and freeze funds in the hacker’s wallet may have been meant to protect users and the network from any further harm, proponents of decentralization have cried foul.
Acala is a cross-chainhub that issues the aUSD stablecoin based on the Polkadot ( ) blockchain. aUSD is a crypto-backed stablecoin which Acala claims is censorship-resistant. iBTC is a form of wrapped Bitcoin ( ) which can be used in DeFi protocols.
Community members have noted the irony of Acala’s claims about aUSD’s censorship-resistance since the protocol froze funds so swiftly. Twitter userpointed out on Aug. 14 that «would have to go to governance to be ‘decentralized’ finance.»
“If Acala centrally controls that decision is this really DeFi?”
A member of the project’s Discord channel usafmikerolling back the chain to reverse the token mints altogether, but was by skylordafk.dot, another member who said such an action would “set a harmful precedent.”
As of the time of writing, the network was still in maintenance mode to block all token transfers, but the team confirmed that the bug had been fixed. The wallets that received erroneously minted aUSD have been identified, and 99% of them were still on Acala which leaves the possibility that they may be retrieved by the community if it votes to do so.
The Acala exploit is the second major one in a week as Curve Finance (CRV) experienced an attack on its front end on Aug. 9 which directed users to approve a malicious contract. Acala’s problem differs from Curve’s as theas users who directly interacted with its smart contracts experienced no issues.
aUSD is the latest stablecoin to lose its peg in the past few months, starting notoriously with Terra USD (UST) in May, which has since been renamed to Terra Classic USD (USTC). Other notable depegs includeand .