For a few surreal moments on Oct. 15, the Ethereum blockchain seemed to host the financial equivalent of a dream.
Paxos, the issuer behind PayPal’s stablecoin PYUSD, accidentally minted $300 trillion worth of tokens, which is roughly 300 times the global GDP, before burning them just as fast.
The minting, visible on Ethereum’s public ledger, sent analysts, traders, and bots into overdrive.
Within minutes, Paxos confirmed the incident resulted from an internal operational error, not a hack. The firm said no user funds were impacted.
Still, the sheer number involved in the mistake made “PYUSD” the most discussed coin in crypto for 24 hours straight. Blockchain analytics firm Santiment reported thousands of mentions per minute as social media reacted in disbelief.
What happened?
Blockchain security firm Quill Audits traced the mishap to the token’s contract structure.
According to the security firm, the PYUSD contract gave one externally owned address (EOA) unrestricted minting and burning rights with no rate limits, amount caps, or multi-party approvals.
It added that the single key executed three transactions in quick succession: minting $300 trillion PYUSD, burning it, and then minting another $300 billion.
Considering this, Quill Audits concluded that:
“This suggests a backend system bug or a catastrophic human error— or all two.”
Meanwhile, Sam Ramirez, lead engineer at Argentum, suggested that Paxos initially meant to transfer 300 million PYUSD between wallets but mistakenly burned it.
According to him, the attempt to restore those tokens allegedly resulted in the 300-trillion overmint.
Lessons?
The Paxos mistake might have been harmless, but its implications aren’t. Over $300 billion in stablecoins now circulate globally, moving billions daily across Ethereum, Solana, and Tron.
At that scale, even a single automation error could cascade through decentralized lending protocols, liquidity pools, and payment rails. Notably, the error resulted in Aave, the largest DeFi protocol, freezing PYUSD transactions.
Considering this, the glitch has reignited debates about how stable collateralization should work.
Unlike algorithmic stablecoins, asset-backed tokens such as PYUSD rely on off-chain reserves, such as US Treasuries and cash equivalents held in the issuer’s custody, to maintain their peg.
Critics argue that the ability to mint new tokens without immediate proof of collateral contradicts the entire model.
Chainlink’s Zach Ryan argued that the event could have been prevented altogether with Proof of Reserve (PoR) checks built directly into minting contracts. He said:
“This prevents ‘infinite mint attacks’ where a massive amount of unbacked tokens are minted, putting at risk all the markets that list and support the token.”
Chainlink is an Oracle blockchain network that acts as a secure bridge between blockchains and external, real-world data.
Moreover, the incident has shed light on why financial regulators have recently become significantly interested in the emerging sector.
Like Federal Reserve Governor Christopher Waller recently pointed out in a September speech, digital payment systems must be “hardened against misuse, with redundancy and safeguards that match the scale of global payments.”
He wasn’t speaking about Paxos specifically, but the message fits. The infrastructure now underpinning billions in daily settlements cannot rely on goodwill or reaction speed alone.
