Crypto Exchange KuCoin Highlights Flaws in DeFi Platform Acala’s Post-Exploit Proposal


Elizabeth Napolitano is a news reporter at CoinDesk.

Seychelles-based crypto exchange KuCoin has highlighted flaws in decentralized finance (DeFi) network Acala’s community proposal to recover billions of dollars worth of aUSD erroneously issued during a mid-August exploit, according to a Tuesday post published on KuCoin’s blog.

The blog pinpointed several alleged inaccuracies in the Acala proposal’s account of the exploit, including errors in the reported number of aUSD mints sent to and traded on KuCoin.

“As a neutral platform, KuCoin has no intention to intervene in the governance of the Acala community, but it has been found that much of the important information related to the CEX in the report and the proposal is inaccurate,” the blog read.

By KuCoin’s account, which cited data from a list of the exchange’s aUSD deposit addresses, hackers sent 8.03 million aUSD, rather than 4.937 million aUSD to KuCoin, and5.3 million aUSD, rather than one million aUSD was traded on the platform.

Neither KuCoin nor Acala has responded to CoinDesk’s request for comment.

In its blog, KuCoin advised Acala to reconsider its community’s proposal given its reliance on possibly inaccurate data. Freezing and burning aUSD tokens – actions the community took after reviewing the data – could cause “ tremendous damage to the Acala community and the price of the aUSD token,” the exchange observed.

“Given the significant difference in the amount of aUSD error mints deemed necessary to re-collateralize, it is suggested that the Acala community reconsider the current proposal together with the Acala Foundation,” the post read.

Hackers erroneously minted what should have been more than $3 billion worth of aUSD stablecoins in mid-August. Their actions came just before Acala launched its iBTC/aUSD liquidity pool, a crowdsourced collection of smart-contract-locked wrapped bitcoin and Acala’s native, “censorship-resistant” stablecoin designed to reward liquidity providers with acala (ACA), the network’s native token, and interlay (INTR).

Following the attack, the Acala community assembled a trace report to identify the 16 wallet addresses involved in the attack and trace suspicious transactions. The network has since recovered and burned 2.97 billion, or roughly 98%, of the 3.02 billion wrongly minted tokens. The community is still working to track and recover the remainder of the hacker-created tokens before resuming services, which remain suspended across the network.

Sign up for Market Wrap, our daily newsletter explaining what happened today in crypto markets – and why.

By signing up, you will receive emails about CoinDesk product updates, events and marketing and you agree to our terms of services and privacy policy.


Please note that our

privacy policy,

terms of use,

cookies, and

do not sell my personal information

has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a

strict set of editorial policies. CoinDesk is an independent operating subsidiary of

Digital Currency Group, which invests in


and blockchain

startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of

stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Elizabeth Napolitano is a news reporter at CoinDesk.

Elizabeth Napolitano is a news reporter at CoinDesk.