You wake up, open your feed, and see: “$300 trillion PYUSD minted.” Your first thought: “Did DeFi just break?” The short answer: no. The longer answer is the real story—and the lesson. This was not a hack. It was a big operations mistake by Paxos (the issuer of, PYUSD) that lived on-chain for ~22 minutes and then was burned to zero. Also this is not the first time, You might remember Tether (USDT) accidentally minting $5B in 2019 during a chain swap. They burned it minutes later. Both episodes are human/ops errors in centralized stablecoins, not blockchain exploits.
Let’s discuss, the incident shows how much power centralized stablecoin issuers hold—and what guardrails we all need.
What actually happened!!
On Oct 15, 2025 at 19:12 UTC, a Paxos-controlled address (“Paxos 7”) called increaseSupply on the PYUSD contract and minted 300,000.00 B PYUSD—that’s 300 trillion tokens. At 19:34 UTC, the same address called decreaseSupply and burned the entire amount. Gas to mint: about $2.47. Gas to burn: about $2.23. No funds moved to exchanges or lending markets in between. That’s why nothing blew up.
Paxos said it was an internal technical error during an internal transfer, not a security breach. A few minutes later, they posted that they’d fixed it.
Not a hack—an ops error with big buttons
Why did this turn into a headline? Two details:
- PYUSD uses 6 decimals. If someone meant to mint hundreds of millions but entered base units wrong, it’s easy to overshoot by ×1,000,000. Etherscan’s event log shows the raw value 300000000000000000000; with 6 decimals, that equals 300,000,000,000,000 tokens.
- PYUSD runs behind an upgradeable proxy with privileged roles that can mint/burn. That’s standard for custodial stables—but it means a single bad parameter can spike supply and a single admin call can undo it. (We need measures to fix this )
Why DeFi didn’t break: freezes, oracles, calm heads
Because the tokens never left the Paxos minter, nobody could race to deposit the “new” PYUSD as collateral or swap it into other assets. Aave (via Chaos Labs) temporarily froze PYUSD markets as a precaution and later unfroze them once it was clear this was an ops mistake, not a live risk. Price-wise, PYUSD barely wobbled around $1. That combination—no distribution plus fast protocol risk controls—kept the blast radius near zero.
At today’s size, PYUSD’s market cap sits around $2.6B. So a $300T mint was more than 100,000× that—a number bigger than global GDP—showing how little on-chain cost it takes to alter token supply in admin-minted systems. After the burn, supply returned to normal; reporting suggests Paxos then minted about $300M (the likely intended size) as part of routine ops.
Design lesson: don’t let “infinite mint” be one call away
Custodial stables are programmable IOUs. That’s a feature for redemptions—and a risk when mistakes happen. Two concrete guardrails reduce the blast radius next time:
- On-chain proof-of-reserves (PoR) “Secure Mint”: Gate mint so the contract refuses new supply unless on-chain reserve feeds say there’s backing. This is already live in production for some issuers (e.g., TUSD). If PYUSD’s mint had been PoR-gated, the 300T mint would have failed automatically. Amazing right??
- Operational limits: Time-lock large mints, set role-based spend caps, and add circuit breakers in DeFi apps (e.g., pause when total supply jumps by Nσ in one block/epoch). These are standard safety patterns; for example the recent Aave freeze, we saw is exactly this muscle memory in action.
Takeaways for (builders, treasuries, traders)!!
- Watch the chain, not the chatter. Subscribe to SupplyIncreased/SupplyDecreased events for the stables you list or hold. Set an alert threshold for abnormal/uncertain jumps. The two Etherscan receipts are your model/way for what to track.
- Prefer venues with automatic circuit breakers. Use Auto-pause deposits/borrows when supply jumps beyond your threshold, If your lender/DEX can pause or cap assets when supply shocks hit, your downside is capped too.
- Push issuers (and yourselves) toward PoR-gated mints. If mint can’t proceed without proof of reserves, big mints become self-reverting by design. Only list stables whose minting checks an on-chain proof-of-reserves (PoR) feed. If no PoR gate, treat the asset as transfer-only (no collateral use) until risk is signed off. (some issuers like TUSD is doing this !!)
