Another unbacked stablecoin collapsed this weekend, this time after a hacker was able to mint a staggering $1.28 billion worth of the dollar-pegged token.
The Acala Dollar (aUSD) collapsed from $1.03 to $0.009 in the space of three hours on Saturday (Aug. 13). The problem seems to have been a coding error in a new liquidity pool supporting the Acala stablecoin ecosystem, a decentralized finance (DeFi) project built on the Polkadot blockchain.
This allowed an attacker to mint an enormous amount of aUSD stablecoins on the just-opened iBTC/aUSD liquidity pool without putting up any of the collateral theoretically required to mint the dollar-pegged tokens.
That raises a question that must be asked about algorithmic stablecoins: When do backers decide enough is enough?
The aUSD is an algorithmic stablecoin backed by an overcollateralization system in which its peg is maintained by a reserve of cryptocurrencies, rather than fiat currency and highly liquid assets like the U.S. Treasuries that back No. 2 stablecoin USD Coin and, increasingly, Tether’s USDT.
Recent proposed stablecoin regulatory legislation in the U.S. has mandated this reserve of fiat currency and Treasuries.
The latest attack raises a number of issues that have bedeviling not just the algorithmic stablecoin market, but another important part of DeFi — the cross-chain payments bridges that have been hacked to the tune of at least $1.4 billion this year alone.
First off, how can DeFi gain the trust of investors over the long term if flawed code, uploaded after a lightly attended vote of governance token holders without proper vetting, is again and again the cause of a potentially project-killing theft?
Several have failed, most spectacularly the TerraUSD (UST) stablecoin. That collapsed in May after a confidence-caused run, costing owners of UST and its partner coin LUNA — which were supposed to maintain a $1 peg using an arbitrage mechanism that failed — $48 billion.
The DeFi stablecoin used a staking mechanism in which liquidity pools are funded by investors who provide liquidity for the system. Users can mint new aUSD stablecoins by locking up other tokens — like Acala’s native ACA token — at a ratio of as much as 200%, reclaiming their collateral by returning the borrowed aUSD, which are then burned.
If that sounds a lot like the lending/borrowing protocols and cross-chain payments bridges that have seen so many bankruptcies and hacks this year, that’s because they do share many basic similarities.
No One’s in Charge
Which leads to the second problem: The actual losses to the aUSD platform were minimal.
That sounds like the opposite of a problem, but the reason they were so small — under $2 million by some accounts — is that the project’s developers were able to very quickly shut off the ability to transfer those stablecoins.
And while that’s good from a theft prevention perspective — and probably an anti-money laundering and compliance perspective — it does raise questions about the ability of the DeFi platforms and companies that issue centralized stablecoins to turn them on and off at will.
It’s not only a matter of hacks, although that alone is likely to make non-crypto investors very wary of algorithmic stablecoins.
The DeFi governance system, made up of decentralized autonomous organizations (DAOs), also has a problem that must be resolved if algorithmic stablecoins are to maintain their popularity in crypto, and especially to gain the trust needed to be used as a payments currency outside of crypto.
Governance votes are often sparsely attended and minimally publicized. That gives big investors with the resources to pay attention a great deal of power.
For all PYMNTS crypto coverage, subscribe to the daily Crypto Newsletter.
PARTNER WITH PYMNTS