Crypto Exchange KuCoin Highlights Flaws in DeFi Platform Acala's Post-Exploit Proposal

The exchange has pinpointed several mistakes in the platform’s data on erroneously issued stablecoins. 

AccessTimeIconSep 6, 2022 at 11:11 p.m. UTC
Updated Sep 7, 2022 at 1:03 p.m. UTC

Elizabeth Napolitano is a news reporter at CoinDesk.

Seychelles-based crypto exchange KuCoin has highlighted flaws in decentralized finance (DeFi) network Acala’s community proposal to recover billions of dollars worth of aUSD erroneously issued during a mid-August exploit, according to a Tuesday post published on KuCoin’s blog.

The blog pinpointed several alleged inaccuracies in the Acala proposal’s account of the exploit, including errors in the reported number of aUSD mints sent to and traded on KuCoin.

“As a neutral platform, KuCoin has no intention to intervene in the governance of the Acala community, but it has been found that much of the important information related to the CEX in the report and the proposal is inaccurate,” the blog read.

By KuCoin’s account, which cited data from a list of the exchange’s aUSD deposit addresses, hackers sent 8.03 million aUSD, rather than 4.937 million aUSD to KuCoin, and5.3 million aUSD, rather than one million aUSD was traded on the platform.

Neither KuCoin nor Acala has responded to CoinDesk’s request for comment.

In its blog, KuCoin advised Acala to reconsider its community’s proposal given its reliance on possibly inaccurate data. Freezing and burning aUSD tokens – actions the community took after reviewing the data – could cause “ tremendous damage to the Acala community and the price of the aUSD token,” the exchange observed.

“Given the significant difference in the amount of aUSD error mints deemed necessary to re-collateralize, it is suggested that the Acala community reconsider the current proposal together with the Acala Foundation,” the post read.

Hackers erroneously minted what should have been more than $3 billion worth of aUSD stablecoins in mid-August. Their actions came just before Acala launched its iBTC/aUSD liquidity pool, a crowdsourced collection of smart-contract-locked wrapped bitcoin (wBTC) and Acala’s native, “censorship-resistant” stablecoin designed to reward liquidity providers with acala (ACA), the network’s native token, and interlay (INTR).

Following the attack, the Acala community assembled a trace report to identify the 16 wallet addresses involved in the attack and trace suspicious transactions. The network has since recovered and burned 2.97 billion, or roughly 98%, of the 3.02 billion wrongly minted tokens. The community is still working to track and recover the remainder of the hacker-created tokens before resuming services, which remain suspended across the network.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

CoinDesk - Unknown

Elizabeth Napolitano is a news reporter at CoinDesk.

CoinDesk - Unknown

Elizabeth Napolitano is a news reporter at CoinDesk.