On October 15th, the Ethereum blockchain experienced a brief, almost unbelievable moment that resembled a financial fantasy.
Paxos, the company responsible for PayPal’s stablecoin, PYUSD, mistakenly generated $300 trillion worth of the tokens – an amount roughly equivalent to 300 times the world’s entire gross domestic product. The tokens were then immediately destroyed, or “burned.”
The event, which was publicly visible on the Ethereum blockchain, triggered a flurry of activity among analysts, traders, and automated trading programs.
Within minutes, Paxos issued a statement confirming that the immense minting was the result of an internal operational oversight, and not a security breach or hack. The company also assured users that no funds were compromised as a result of the error.
Nevertheless, the sheer magnitude of the sum involved meant that “PYUSD” became the most talked-about cryptocurrency for a full 24-hour period. Santiment, a blockchain analytics provider, noted a surge in mentions on social media, registering thousands of posts per minute as users reacted with disbelief.
What Prompted This Occurrence?
The blockchain security firm, Quill Audits, analyzed the situation and traced the origin of the error to the token’s underlying contract structure.
According to Quill Audits’ findings, the PYUSD smart contract granted a single, externally owned account (EOA) complete authority to both mint and burn tokens without any limitations on the amount, rate, or necessity for multi-signature approvals.
The security firm further revealed that the single, authorized key performed three rapid transactions: first minting the $300 trillion PYUSD, then burning that amount, and subsequently minting another $300 billion.
Given these circumstances, Quill Audits surmised that:
“This points towards either a bug within the backend system or a serious human error – or possibly both.”
Meanwhile, Sam Ramirez, the lead engineer at Argentum, speculated that Paxos’ initial intention was to transfer 300 million PYUSD between different wallets, but they mistakenly burned them instead.
He suggested that the company’s attempt to rectify this initial error potentially led to the massive over-minting of 300 trillion tokens.
What Are the Takeaways?
While the Paxos incident was quickly rectified, it underscores important considerations. Currently, over $300 billion in stablecoins are in circulation worldwide, facilitating billions of dollars in daily transactions across various blockchains including Ethereum, Solana, and Tron.
Given this extensive scale, even a single, small automation failure could have far-reaching consequences, impacting decentralized lending platforms, liquidity pools, and payment systems. In fact, the incident led Aave, a prominent DeFi platform, to temporarily freeze transactions involving PYUSD.
Consequently, this event has sparked fresh discussions on the best practices for stablecoin collateralization.
In contrast to algorithmic stablecoins, asset-backed stablecoins like PYUSD depend on reserves held off-chain, like US Treasury bonds and cash equivalents managed by the issuer, to ensure price stability.
Critics contend that the capacity to create new tokens without providing immediate verification of corresponding collateral undermines the fundamental principles of this model.
Zach Ryan from Chainlink, suggested that integrating Proof of Reserve (PoR) checks directly into minting contracts could prevent such incidents. He stated:
“This would block ‘infinite mint attacks’ where a huge volume of unbacked tokens are minted, endangering all markets that list and support that specific token.”
Chainlink operates as a decentralized oracle network, providing a secure bridge for data transfer between blockchains and external, real-world data sources.
Moreover, this situation highlights the increasing regulatory scrutiny directed towards the cryptocurrency sector.
As Federal Reserve Governor Christopher Waller stated in a recent speech in September, modern digital payment networks must be “robust against potential abuse, and feature sufficient redundancies and safeguards to accommodate the size and scope of global payments.”
While his comments weren’t specifically directed at Paxos, they are highly relevant. The infrastructure that supports billions in daily settlements needs to be reliable and resilient, not solely dependent on trust or the speed of reaction to errors.