08-14-2022-Incident On-chain Trace Results

Incident Overview

A misconfiguration of the iBTC/aUSD liquidity pool (“iBTC/aUSD LP”) (which went live earlier August 14, 2022) resulted in error mints of a significant amount of aUSD. The reward for staking of iBTC/aUSD LP tokens accorded to contributors to iBTC/aUSD LP is INTR and ACA (“iBTC/aUSD LP Rewards”) as outlined in the community post announcing the launch of the iBTC/aUSD LP accessible here at this link.

That misconfiguration resulted in those error mints of aUSD which were transferred to the wallet addresses of a number of iBTC/aUSD LP contributors when they claimed their iBTC/aUSD LP Rewards. The misconfiguration has since been rectified and the wallet addresses that received the erroneously minted aUSD have been identified, with on-chain activity tracing in respect of these addresses underway.

99%+ of the erroneously minted aUSD remain on Acala parachain, and a small proportion has been swapped for ACA and other tokens and transferred out from Acala parachain. The functionality to transfer the remaining 99%+ of the erroneously minted aUSD along with the swapped digital assets that remain on the Acala parachain, has since been transfer disabled pending the Acala community’s collective governance decision on resolution of the error minting.

Table of Trace Results

• Trace Result #1: 08-15-2022
• Trace Result #2: 08-17-2022
• Trace Result #3: 08-18-2022
• Trace Result #4: 08-19-2022 (edited 08-21 updated tx trace)
• Full Trace report: 09-01-2022
• Kucoin Trace: 09-06-2022

Timeline

2022-08-13 22:41 UTC - iBTC/aUSD pool was enacted with misconfiguration and erroneous mint started.

2022-08-13 23:00-23:40 UTC~ - Acala network contributor noticed unusual onchain activity, started investigation and declared an incident.

2022-08-14 01:17 UTC - Acala parachain is equipped with a functionality to partially pause certain transactions via governance (without halting the chain) as a defense mechanism to combat incidents like this. An urgent governance vote was passed to pause Acalaswap in order to identify the root cause.

2022-08-14 01:39 UTC: The issue of the misconfiguration was identified, an urgent governance vote was raised and passed to rectify the configuration. Erroneous minting of aUSD has since stopped.

2022-08-14 01:47 UTC: In the hours following, to contain the erroneously minted aUSD, urgent governance votes were passed to pause honzon protocol, xtoken (xcm transfer out), EVM, non-ACA token transfer, oracle pallet, and LDOT instant redeem.

The team has since started tracing on-chain activities of erroneously minted aUSD with multiple contributors helping with peer-review and verification. The trace results based on publicly available information will continuously be published to facilitate the community to formulate community proposals to resolve the error minting of aUSD & restore aUSD peg, before safely and gradually resume operations on Acala network. Below is the first batch of trace results on Aug 15 2022.

Trace Result #1: 08-15-2022

16 wallet addresses of contributors to the iBTC/aUSD LP have been identified to have the erroneously minted aUSD transferred to them when these iBTC/aUSD LP contributors claimed their iBTC/aUSD LP Rewards via the iBTC/aUSD reward pool.

Further on-chain tracing information on these wallet addresses are set out below :

• erroneously minted aUSD transferred to and remaining at these wallet addresses : 1,288,561,129 aUSD
• further analysis of these accounts is underway and will be published in following trace reports

The trace identifies

• The transactions in which iBTC/aUSD LP contributors claimed their iBTC/aUSD LP Rewards
• snapshot of account balance prior to the incident

There are also 4,299,119 erroneously minted aUSD remaining in the iBTC/aUSD reward pool that have not been claimed.

Below are the result file, and the script used for the trace. Anyone can independently verify the trace using on-chain data.

• trace result output here
• trace scripts here

What’s next

The Acala community can use the result output and the trace script, to verify the on-chain data, and collectively formulate proposals to resolve the error minting of aUSD.

The team continues to work with partners and contributors to trace erroneously minted aUSD which have been swapped to other tokens, other relevant transactions performed by the 16 wallet addresses, token outflow to other wallet addresses, parachains and exchanges etc. Results will continuously be published in a transparent manner, and the community can collectively formulate proposals to resolve the error minting of aUSD.

Thanks everyone for the strong support

to be continued…

Trace Result #2: 08-17-2022

16 wallet addresses of contributors to the iBTC/aUSD LP have been identified to have the erroneously minted aUSD transferred to them when they claimed their iBTC/aUSD LP Rewards via the iBTC/aUSD reward pool.

Summary of Findings

Further on-chain tracing information on these wallet addresses are set out below :

• 3.022B aUSD error mints were claimed by these 16 addresses
• 1.288B aUSD error mints remained on these 16 addresses and have been burned via referendum #21
• 1.682B aUSD error mints as part of iBTC/aUSD LP token obtained after the incident had happened and remained on these 16 addresses
• 2.731 iBTC as part of iBTC/aUSD LP token obtained after the incident had happened and remained on these 16 addresses
• 0.3465 iBTC obtained after the incident had happened and remained on these 16 addresses
• 60.568k ACA obtained after the incident had happened and remained on these 16 addresses
• 1.047k DOT obtained after the incident had happened and remained on these 16 addresses
• 17 LDOT obtained after the incident had happened and remained on these 16 addresses
• 8.926k aUSD error mints used to pay back vaults

Trace Result #2

One address claimed 2.9B aUSD error mints with following trace:

• Already burned: 1.267B aUSD error mints remained on this address and were burned via referendum #21
• Starting iBTC/aUSD LP was 586, current LP is 21.58M
  • 1.68B aUSD as part of iBTC/aUSD LP token obtained after the incident and remained on the address
  • 2.72 iBTC as part of iBTC/aUSD LP token obtained after the incident has happened and remained on this address
• 0.2894 iBTC swapped from aUSD error mints and remained on this address
• 60k ACA swapped from aUSD error mints after the incident had happened and remained on this address; 7,700 ACA transferred to exchange
• 330 aUSD error mints used to pay back vaults
• Other details are in the trace result output

Below are the result file, and the script used for the trace. Anyone can independently verify the trace using on-chain data.

• Trace summary here
• Trace scripts here
• Transaction trace for the one address claimed 2.9B aUSD here (edited 08-20: added more info for completeness)

What’s next

The following will come as next steps over the coming days/weeks:

• A series of trace reports will be published detailing transaction traces for each of these 16 identified addresses. The community can collectively formulate proposals to resolve the error minting of aUSD

• Further trace reports will be published to identify trading activities on Acala related to aUSD error mints, as well as outflows of aUSD error mints and tokens swapped from aUSD error mints to other accounts, parachains, and exchanges. The community can then collectively formulate proposals to resolve the error minting of aUSD and outflow of funds.

• Analysis of the liquidity pools and relevant activities will be published. The community can collectively formulate proposals to handle the states of the pools.

• A post-mortem report will be formulated and released with a summary and improvements to be made going forward

• Analysis of the state of the paused protocols and operations will be published. The community can collectively formulate proposals to gradually resume normal operations.

• Analysis of the state of the paused protocols and operations will be published. The community can collectively formulate proposals to gradually resume normal operations.

Trace Result #3: 08-18-2022 DOT Outflow

16 wallet addresses of contributors to the iBTC/aUSD LP have been identified to have the erroneously minted aUSD transferred to them when they claimed their iBTC/aUSD LP Rewards via the iBTC/aUSD reward pool.

Further on-chain tracing information on these wallet addresses identified outflow from Acala of DOT swapped from erroneously minted aUSD to Polkadot network

• 8 of the 16 identified addresses transferred a total of 176,725 DOT from Acala to Polkadot
• 41,999 DOT has since transferred to an exchange from one address
• 134,726.44 DOT remained on Polkadot addresses that received these funds from Acala

Please find the DOT trace result here and the Trace Result #1: 08-15-2022 that identified these 16 addresses. Anyone can independently verify the trace using on-chain data.

Bounty

A bounty of up to 5% will be offered to any party who returns at least 95% of total funds transferred out. Once returned, no further actions will then be taken towards these addresses regarding the funds transferred from Acala to Polkadot.

DOT must be returned to the official address on the Polkadot chain: 13YMK2eYoAvStnzReuxBjMrAvPXmmdsURwZvc62PrdXimbNy

We appreciate all of those who have safeguarded the funds.

The team continues to work with partners and contributors to trace outflows of erroneously minted aUSD related transactions. Results will continuously be published.

Trace Result #4 08-19-2022 Top Destination Address

The traces so far (Trace Result #1 & Trace Result #2) have identified 99% of the total aUSD error mints. This trace report focuses on the remaining aUSD error mints that remained on the Acala parachain. Here is what we know

• Top 10 addresses accounted for 11.21M aUSD error mints
• Out of these top 10 addresses
  • 1.4M aUSD error mints transferred from one of the identified 16 addresses remained in 2 destination addresses
  • 9.81M aUSD error mints obtained from trading with aUSD error mints remained in 8 addresses

The exchange by some of the 16 identified addresses of the aUSD error mints they received for other tokens disrupts the swap ratios of aUSD with other paired tokens in liquidity pools. Certain other addresses then acquire aUSD error mints at a significantly lower value. These addresses subsequently transferred these aUSD error mints and token swapped to other parachains such as Moonbeam, and exchanges etc.

#1 Top address

• Obtained Assets
  • 4.15M aUSD error mints obtained from trading other tokens to aUSD error mints
• Used Assets
  • 0.61 iBTC used in the trading for aUSD error mints
• Outflow Assets
  • 301.56K aUSD error mints since transferred to Moonbeam parachain via xcm

#2 Top address

• Obtained Assets
  • 2.94M aUSD error mints obtained from trading other tokens to aUSD error mints
  • 628.6K LDOT obtained from trading with aUSD error mints and/or DOT
  • 54.03K DOT obtained from trading in stableswap in relation to aUSD error mint trades (edited 08-20)
• Used Assets
  • 54.03K DOT used in trading for aUSD error mints
  • 628.6K LDOT used in trading in stableswap in relation to aUSD error mint trades (edited 08-20)

#3 Top address

• Obtained Assets
  • 1.88M aUSD error mints obtained from trading other tokens to aUSD by original address
  • 1.88M aUSD error mints transferred to this address from the origin address
• Used Assets
  • 196.02K ACA used in trading for aUSD error mints

#4 Top address

• 935.92K transferred to this address from one of the identified 16 addresses claimed aUSD error mints

#5 Top address

• 469.70K transferred to this address from one of the identified 16 addresses claimed aUSD error mints

#6 Top address

• Obtained Assets

  • 432.02K aUSD error mints obtained from trading other tokens to aUSD
    • 40.54K aUSD error mints flowed to CeX
    • 1,44K aUSD error mint used to pay back loan & withdrawn 300 DOT

• 53.29k LDOT obtained from trading in stableswap in relation to aUSD error mint trades (edited 08-20)

• Used Assets

  • 6.2K DOT and 53.29k LDOT used in trading for aUSD error mints
  • 5.7K DOT used in stableswap in relation to aUSD error mint trades (edited 08-20)

• Outflow Assets

  • 40.54K aUSD error mints transferred to exchange

#7 Top address

• Obtained Assets
  • 250.11K aUSD error mints obtained from trading other tokens to aUSD
• Used Assets
  • 15k ACA was used to trading for aUSD error mints

#8 Top address

• Obtained Assets
  • 177.43K aUSD error mints obtained from trading other tokens to aUSD
• Used Assets
  • 4.34K iBTC/aUSD was used to trading for aUSD error mints

#9 Top address

• Obtained Assets
  • 157.50K aUSD error mints obtained from trading other tokens to aUSD
• Used Assets
  • 11.2K ACA was used to trading for aUSD error mints

#10 Top address

• Obtained Assets
  • 162.25K aUSD error mints obtained from trading other tokens to aUSD
  • 427 DOT obtained from trading with aUSD error mints and DOT
  • 3.95K LDOT obtained from trading in stableswap in relation to aUSD error mint trades (edited 08-20)
• Used Assets
  • 30.29K ACA, 3.95K LDOT, 3.34K LCDOT were used to trading for aUSD error mints and DOT
  • 427 DOT used in stableswap in relation to aUSD error mint trades (edited 08-20)

Below are the result file, and the script used for the trace. Anyone can independently verify the trace using on-chain data.

• Transaction trace here
• Trace script that for tracing transactions by addresses here
• Trace output (readable) from the script here (edited: 08-20, 08-21)
• Trace output (with precision) from the script here (added: 08-20, 08-21)

edited 08-21: remove duplicated tx
edited 08-20: included relevant stableswap DeX diff for completeness

to be continued…

Full Trace Results: 09-05-2022

Summary

Below is the full trace report regarding all addresses involved in the aUSD incident. The trace starts from the origin, which is the 16 identified addresses that have claimed aUSD error mints. Then the trace identifies every address that has transacted with the 16 identified addresses, as well as the subsequent addresses that these 16 addresses have transacted with and so on through every subsequent transaction until the trace reaches parachain addresses and other exits such as CEX addresses.

Data Summary

Current outstanding aUSD error mints: 52.068M (1a)
Addresses involved in the incident: 281 (1b, 2)
Traced aUSD error mints remaining on these addresses: 42.482M (1c)
The remaining aUSD error mints are outflows to other parachains such as Moonbeam, Astar, Interlay and CEX, etc (Appendix).

Involved Addresses on Acala

Out of the 281 involved addresses, 83 addresses have transferred aUSD error mints and/or aUSD error mint-swapped tokens to other parachains such as Moonbeam, Astar, or CEX.

Out of 42.482M aUSD error mints that remain on the Acala network, 8.764M aUSD error mints remain on individual addresses, while the rest reside in the DEX module address (1d).

(see full details in 1d)

An account balance detail table is provided for each involved address to display the following:

• before: balance right before the start of the incident #1638215
• after: balance after the incident at an arbitrary recent block #1694500 (see verification section for details)
• XCM in/out, CEX in/out, liquid staking etc. that do not affect the total amount of aUSD error mints or aUSD error mints-swapped tokens gained/used on Acala
• gained_used: shows the amount of aUSD error mints and aUSD error mints-swapped tokens gained, and other tokens used during the incident
• remaining: is the minimum of after balance and gained_used

Note: each figure shown in the summary table above is summed from the figure of each address e.g. gained_used in the summary table is the sum of gained_used of each address, remaining in the summary table is the sum of remaining of each address.

Case 1: Address with all gained funds remaining on Acala

(see balance details in 1f, events trace in 4a)

• 2.932M aUSD error mints gained
• 2.073 ACA were used

Case 2.1: Address with gained funds that outflowed to other Parachains and/or CEX

(see balance details in 1f, events trace in 4a)

• 779.285K aUSD error mints gained
  • 448.794K aUSD error mints transferred to CEX
  • 330.491K aUSD error mints transferred to other parachain via xcm
  • 0 aUSD remaining
• 49.857K DOT gained
  • 48.052K DOT transferred to other parachains and Polkadotvia xcm
  • 1K DOT transferred to CEX
  • 804 DOT remaining
• 89.925 INTR gained and remaining
• 7.573K LP-AUSD-iBTC gained and remaining
• 7.841K ACA used
• 0.227 iBTC used

Case 2.2: Address with gained funds that outflowed to other Parachain and/or CEX

(see balance details in 1f, events trace in 4a)

• 162.249K aUSD error mints gained
  • 10K aUSD error mints transferred to CEX
  • 152.353K aUSD error mints remaining
• 30.293K ACA & 3,337 LCDOT used

Case 2.3: Address with gained funds that outflowed to other Parachain and/or CEX

(see balance details in 1f, events trace in 4a)

• 55.7K aUSD error mints gained
  • 815.8 aUSD error mints used to pay back ACA, LCDOT and DOT vaults
  • 8.283K aUSD error mints transferred to other parachain via xcm
  • 46.601K aUSD error mints remaining
• 117.035 DOT gained
  • 108.739 DOT came from repaying a loan using aUSD error mints
  • 116.83 DOT transferred to Polkadot via xcm
• 77.940 LCDOT gained from repaying loan using aUSD error mints

DEX

The DEX module address is a special kind of involved address that has transacted with some of the 16 identified addresses and subsequently interacted with other addresses.

33.718M aUSD error mints remain in the DEX.

Compared to the level of liquidity right before the incident, changes in other assets are as follows:

• 2.86M ACA less
• 66.150K DOT less
• 2.861 iBTC less
• 1.002M INTR less
• 22.942K LCDOT less
• 571.515K LDOT less

As a result of the asset balance changes in LP Pools, here are the differences in token balances related to the LP Pools:

(see 1e)

ACA

The community has requested ACA balances relating to identified addresses. Here are the top addresses with ACA gained during the incident:

• 3.689M ACA gained by these 16 addresses
• 2.701M ACA remaining on these addresses

(see balance details in 1h, events trace in 4a)

Other Tokens

There are also aUSD error mints-swapped tokens such as DOT, INTR, iBTC, some of which have been transferred to respective parachains and/or CEX

DOT (see Appendix 1,2)

• 15 addresses have net transfers of 185.972K DOT to Polkadot via xcm
• 3 addresses have net transfers of 6.680K DOT to CEX

iBTC & INTR (see Appendix 3)

• 1 address has a net transfer of 3.01 iBTC to Interlay
• The same address also has a net transfer of 1.062M INTR to Interlay
• Total 7 addresses have net transfers of 1.083M INTR to Interlay

Verification

A dataset snapshot period is captured between incident block #1638215 and an arbitrary end block #1694500. The arbitrary end block can be chosen differently to cover events in a longer or shorter period, which would not affect the verification.

The following are included in the verification:

1. Addresses with non-zero balance change are displayed
2. Differences between before and after balances of various tokens are calculated
3. All events relevant to these addresses that occurred during this period are identified
4. Note that these addresses also include system addresses such as DEX to display the full extent of the incident

#2 & #3 above shall match as proof that the calculations are performed correctly (4a, 4b, 4c, 4d). All data used are on-chain information accessible for anyone to view and verify.

Involved Address

The trace starts from all addresses that claimed aUSD error mints (the 16 addresses identified), then identifies all addresses subsequently interacted with them including DEX module address, and those that transacted with it, until the trace hits exit addresses such as addresses of other parachains, CEX etc. The trace also includes relevant interactions with DEX such as events like Close CDP by Swap. Fee-related swaps whose fees are less than 1 ACA and transfer amounts that are smaller than one token are not included in the trace.

Appendix

1. Involved addresses that have net transfers of DOT out to Polkadot (1f)

2. Involved addresses that have net transfers of DOT out to CEX (1f)

3. Involved addresses that have net transfers of iBTC/INTR out to Interlay (1f)

4. Involved addresses that have net transfers of aUSD out to Moonbeam & Astar (1f)

5. Involved addresses that have net transfers of aUSD out to CEX (1f, 4)

References

1. Refer to output files here

a. ausd_summary.csv
b. traced_accounts.csv
c. account_balance_details_summary_with_dex.csv
d. account_balance_details_summary_wo_dex.csv
e. account_balance_details_summary_for_dex.csv
f. account_balance_details.csv
g. total_summary_with_traced_account.csv
h. aca_remaining.csv

2. Involved address trace script: GitHub - AcalaNetwork/acala-trace
3. acala-trace/queries.sql at master · AcalaNetwork/acala-trace · GitHub
4. Verification output files here

a. account_raw_data.csv
b. total_summary.csv
c. account_events.csv
d. all_account_balance_changes.csv

Kucoin Trace: 09-06-2022

Since the aUSD incident, the Acala Foundation has been working closely with law enforcement and CEXs aiming to retrieve and return all aUSD error mints to the protocol.

Here’s additional trace information regarding Kucoin between block #1638215 (right before the incident) and block #1639493 (right after aUSD transfer was paused)

During this period, with all addresses provided by Kucoin regarding aUSD

• Total Balance before the incident: 105,861.143 aUSD (1a)
• Total Balance at block #1639493: 8,029,779.871 aUSD (1a)
• Total Transfer from Acala into Kucoin during the incident: 8,027,221.174 aUSD (1b)
• Total Transfer from Kucoin to Acala during incident:103,302.446 aUSD (1c)
• Total error mints transferred into KuCoin (transferred from involved addresses): 8,019,267.174 aUSD (99.875% of after balance being error mints)
  
  

  kucoin summary1190×1301 247 KB
  
  (1a)

Disclaimer

The trace is based on a list of aUSD addresses provided by Kucoin alleged being Kucoin’s deposit addresses on 08-26-2022, while ownership of these addresses are still pending on-chain verification. Acala Foundation has been requesting Kucoin to provide a full list of verifiable wallet addresses since 08-14-2022.

Reference

1. Results files can be found here
   a. kucoin_summary.csv
   b. transfer_from_acala_to_kucoin.csv
   c. transfer_from_kucoin_to_acala.csv

2. Trace scripts
   a. balance script here
   b. trace script here

Great move. Wish ACA get back after this mess

Move One and do what is best for member that put Money in this project. Dont leave this unsolved…

As a coin holder, I would like to know the root cause in detail and what the Acala team learns from this incident. More importantly, how does the team make sure this never happens again.

This is written in the post…

" * A post-mortem report will be formulated and released with a summary and improvements to be made going forward"

How to be with arbitration, for example, I sold 0,1 iBTC for aUSD, then redeemed them 50k aUSD at Moonbeam, then sold 2 iBTC to the acala network. With this chin, I increased the capital 100 times. These were legal actions. What will happen to the arbitrators? Even if they burn their AUSD, will they get compensation to return their investment capital?

Would it be possible to create a new post for each new trace result please?
Makes better notifications and an easier discussion to follow (with editing, we don’t know which comment refer to the original post, and which to the new traces)

Thanks

Please clarify the numbers here, which don’t currently make sense. Under ‘Summary of Findings’ it says that 3.022B was claimed by 16 addresses, and that 1.288B from these 16 addresses was already burned by referendum #21. Under ‘Trace Result #2’ it then says that one address claimed 2.9B, and that 1.267B from this one address was burned by referendum #21. Taken together, this post is stating that:

1. In total 5.922B aUSD was error minted.
2. In total 2.555B was burned by referendum #21.
3. That approximately half was minted by 1 wallet, whilst the rest was minted across 16 wallets.

Please confirm these figures are correct as they are different to what has previously been described. If these figures are incorrect then please can you amend them and be very clear about what the correct numbers are.

Also, please can you publish the methodology you are using for these traces so the community can independently verify the findings and make an informed decision in any proposal.

Do your math again. The first referendum was executed on actions taken from the 16 addresses.

Reminder:

1. The 1,288,561,129 aUSD erroneously minted aUSD remained on these 16 accounts be returned to honzon protocol to be effectively burnt
2. The 4,299,119 erroneously minted aUSD remaining in the iBTC/aUSD reward pool be returned to honzon protocol to be effectively burnt

Now do ~3,022,000,000 - (1,288,561,129 + 4,299,119) = ~1,729,139,752

FYI, total currently supply is: 1,739,774,069.320

Let me know if you need additional help

As I understand it now, all the figures relating to the 1 wallet are included as part of the 16 wallets. That makes a lot more sense. I think the post could be made a lot clearer by just adding ‘Of the 3bn minted by the 16 wallets, 2.9bn was minted by one wallet, etc.’ because it currently reads as if these are separate amounts.

I did an arbitrage with the ACA token and i am in the same situation as you, what we did was legitimate, and I dont know why they should slash our gains, that is not decentralized at all.

On the contrary, we did nothing illegal: when the casino wins everything in order, and when the player earns the casino calls it a crime.

It´s frustrating, i have been suporting acala since 2021, and buying the dips because i believe in the proyect, and now that for the first time i win something and they want to slash from me.

They have millions on the treasury funds, and on the accounts of the devs. Why should they vote to slash my gains on a trade? This is supoused to be a DEX, but it is looking more and more like a CEX, because if the devs want to slash our accounts they just have to do a votation, and because they have the majority of the ACA tokens they wil win…

So why don’t we stop ACA transfers?

60k ACA is irrelevant loss.

FYI:
I justed traced 3.6 Million of the wrongly minted AUSD sent from one of the 16 addresses in the trace results report to the following address: 23DhqhsKDDpFnH2GreWy7Sk4dqUmGCCVPGk5Lpr84jxzBh5T
(by hand using Subscan)

Seems like this is the core-address of the misconfiguration-abuser. It is one of the few addresses involved, that was very active not just 3 days ago, but long before everything went down.
Investigations should focus on this address and it’s transactions.

Dunno if this helps, did it out of curiosity. But now that I found the stash, I thought I should report it somewhere.

Don’t pretend to be “supporting” Acala if you’re not in favor of reverting this error.

This is decentralized, there will be a referendum and you can vote, now if ACA holder vote for reverting the error, then the erroneous amount will be burnt, as it should have. It’s not because your candidate at an election isn’t elected that this is not a democracy.

Now face the reality, you have been draining fund that were not meant to be in your wallet. If you go to a supermarket and an article falls into your bag, then you go out without paying it, this is just like stealing it. Paying for it is normal. There was a mistake, and thanks to governance, this will hopefully be repaired, and you will be able to see Acala survive and create a lot of new cool things. Supporting a project means thinking in the project’s best interest, not in your own.

I don’t see any reward claimed after the error went live or anything, what makes you think the aUSD are part of the wrongly minted ones?

Found another 30k of AUSD at this address:
zyBVd7Y5h4UaGjmnCPvkJ76KcJfdJtXkeoJXoy7xWZ4H1Pe

Another stash of 116k of ACA:
23LKRgAoCHMNkJqaBvcQBYcSjYhw6hGhtQW7bosNZbgMRi6w

Well, I traced it from one of the 16 addresses in the trace results report.
Plus the timestamps are very suspicious. Can’t say for sure what kind of AUSD they are. But the address definitely belongs to one of the guys who used the misconfiguration.

If you look at the timestamps of the transfers of the account, you can also see that a lot happened here during the… we kinda still need a name for this thing ^^.