Crypto Exchange KuCoin Highlights Flaws in DeFi Platform Acala’s Post-Exploit Proposal
Seychelles-based crypto exchange KuCoin has highlighted flaws in decentralized finance (DeFi) network Acala’s community proposal to recover billions of dollars worth of aUSD erroneously issued during a mid-August exploit, according to a Tuesday post published on KuCoin’s blog.
The blog pinpointed several alleged inaccuracies in the Acala proposal’s account of the exploit, including errors in the reported number of aUSD mints sent to and traded on KuCoin.
“As a neutral platform, KuCoin has no intention to intervene in the governance of the Acala community, but it has been found that much of the important information related to the CEX in the report and the proposal is inaccurate,” the blog read.
By KuCoin’s account, which cited data from a list of the exchange’s aUSD deposit addresses, hackers sent 8.03 million aUSD, rather than 4.937 million aUSD to KuCoin, and5.3 million aUSD, rather than one million aUSD was traded on the platform.
Neither KuCoin nor Acala has responded to CoinDesk’s request for comment.
In its blog, KuCoin advised Acala to reconsider its community’s proposal given its reliance on possibly inaccurate data. Freezing and burning aUSD tokens – actions the community took after reviewing the data – could cause “ tremendous damage to the Acala community and the price of the aUSD token,” the exchange observed.
“Given the significant difference in the amount of aUSD error mints deemed necessary to re-collateralize, it is suggested that the Acala community reconsider the current proposal together with the Acala Foundation,” the post read.
Hackers erroneously minted what should have been more than $3 billion worth of aUSD stablecoins in mid-August. Their actions came just before Acala launched its iBTC/aUSD liquidity pool, a crowdsourced collection of smart-contract-locked wrapped bitcoin and Acala’s native, “censorship-resistant” stablecoin designed to reward liquidity providers with acala (ACA), the network’s native token, and interlay (INTR).
Following the attack, the Acala community assembled a trace report to identify the 16 wallet addresses involved in the attack and trace suspicious transactions. The network has since recovered and burned 2.97 billion, or roughly 98%, of the 3.02 billion wrongly minted tokens. The community is still working to track and recover the remainder of the hacker-created tokens before resuming services, which remain suspended across the network.