Network and token freeze after Acala exploit raises questions

cointelegraph.com:

The Acala Network’s aUSD stablecoin depegged by over 99% over the weekend and forced the Acala team to pause a hacker’s wallet, raising concerns about its claim of being decentralized.

On Aug. 14, a hacker took advantage of a bug on the iBTC/aUSD liquidity pool which resulted in 1.2 billion aUSD being minted without collateral. This event crashed the USD-pegged stablecoin to a cent, and in response, the Acala team froze the erroneously minted tokens by placing the network in maintenance mode.

The move also halted other features such as swaps, xcm (cross-chain communications on Polkadot), and the oracle pallet price feeds until “further notice”

We have identified the issue as a misconfiguration of the iBTC/aUSD liquidity pool (which went live earlier today) that resulted in error mints of a significant amount of aUSD1/

While the move to put the network in maintenance mode and freeze funds in the hacker’s wallet may have been meant to protect users and the network from any further harm, proponents of decentralization have cried foul.

Acala is a cross-chain decentralized finance (DeFi) hub that issues the aUSD stablecoin based on the Polkadot (DOT) blockchain. aUSD is a crypto-backed stablecoin which Acala claims is censorship-resistant. iBTC is a form of wrapped Bitcoin (BTC) which can be used in DeFi protocols.

Community members have noted the irony of Acala’s claims about aUSD’s censorship-resistance since the protocol froze funds so swiftly. Twitter user Gr33nHatt3R.dot pointed out on Aug. 14 that decisions "would have to go to governance to be 'decentralized' finance."

A member of the project’s Discord channel usafmike proposed rolling back the chain to reverse the token mints altogether, but was challenged by