Hackers used a vulnerability in a freshly deployed liquidity pool to create 1.28 billion aUSD tokens, causing the native stablecoin of the Acala Network to crash to zero on Sunday.
Acala immediately placed the network into maintenance mode, suspending on-chain swaps, Polkadot cross-chain interactions, and oracle price feed to prevent stolen money from exiting the parachain.
On Sunday, Acala Network was severely exploited, resulting in its native stablecoin aUSD falling from its intended $1 peg to virtually nothing.
Data on the blockchain indicates that a hacker accidentally created 1.28 billion aUSD tokens and exchanged a portion of those tokens for Acala’s native currency, ACA, and four other tokens.
On-chain data also showed that other users, including those who copied the original hacker, took advantage of the flaw to make fortunes for themselves at the expense of the liquidity pool. The estimated amount of stolen cash is less than $10 million, excluding the value lost due to the USD’s depeg.
Since its inception, Acala Network has marketed itself as a central hub for Web3’s decentralised financial transactions, and it is an Ethereum-compatible Polkadot parachain. Its ecosystem revolves around Acala USD, a MakerDAO-inspired, overcollateralized stablecoin.
In March, Acala and Polkadot parachains collaborated to offer a $250 million ecosystem fund to reward developers generating demand for aUSD. However, the stablecoin drop to nearly nothing has caused the community to have grave fears about the future of the parachain.
Most Acala network operations remain stopped almost twenty-four hours after the event, with limited information from the project about future actions. Following the revelation, the value of the network’s native token, ACA, decreased by almost 7%, from $0.29 to $0.26.