Are the current Polkadot parachains safe?

Recently the Acala protocol was attacked and the exploiter was able to print 1.2 billion of aUSD

Fortunately, the Acala team reacted to the attack in a short time and stopped all the operations on the protocol. For now, the situation is still under research and discovering a solution.

The given attack has reminded everyone of some critical issues in parachains security, which should be considered by all the projects in the Polkadot and Kusama ecosystem.


Substrate runtime forkless updates

Unlike many blockchains, the Substrate development framework supports forkless upgrades to the runtime that is the core of the blockchain. Most blockchain projects require a hard fork of the code base to support the ongoing development of new features or enhancements to existing features. 

Due to such forkless upgrades, most of them are not audited properly. Usually, projects complete audits only of the initial versions before the launch.

So, each pallet (a building block of any substrate chain) that can be used for forkless upgrades at any time should be also carefully audited.

Cross consensus message (XCM)

Polkadot’s architecture allows parachains to natively interoperate with each other, enabling cross-blockchain transfers of any type of data or asset.

There is another vulnerability. If any project connected to other ones via cross-blockchain transfers gets exploited, stolen funds can flow to other blockchains and create a lot of troubles for their ecosystem as well as for their liquidity.

Canary network testing

Many projects diminish the value of testing the new features and pools at the canary network. Initially, Kusama is the canary network and serves as a testing ground for the mainnet. Such a network allows the developers to test any new features and upgrades before going to mainnet.



So, the recent attack has demonstrated that parachains require more specific and deep security audits, considering substrate based chains features.

Moreover, due to the Polkadot parachains structure, a successful attack on one parachain can be dangerous to the other projects connected via cross consensus message format.

Tell us about your project

  • This field is required
  • This field is required
    • whatsapp icon WhatsApp
    • telegram icon Telegram
    • wechat icon WeChat
    • signal icon Signal
  • This field is required
  • This field is required
  • This field is required
  • This field is required
This field is required
departure icon

Thank you for your request

Get security score on

  • certified logo
  • coingeco logo
  • coin market cap logo

1,070+ projects audited

companies logos

Apply for partnership

  • This field is required
  • This field is required
  • This field is required
  • This field is required
    • Foundation
    • VC
    • Angel investments
    • IDO or IEO platform
    • Protocol
    • Blockchain
    • Legal
    • Insurance
    • Development
    • Marketing
    • Influencer
    • Other
This field is required
This field is required
departure icon

Thank you for your request

Get security score on

  • certified logo
  • coingeco logo
  • coin market cap logo

1,070+ projects audited

companies logos

Get in touch

  • This field is required
  • This field is required
  • This field is required
  • This field is required
This field is required
By submitting this form you agree to the Privacy Policy and information beeing used to contact you
departure icon

Thank you for your request

Get security score on

  • certified logo
  • coingeco logo
  • coin market cap logo