{"id":4370,"date":"2025-10-28T08:36:54","date_gmt":"2025-10-28T08:36:54","guid":{"rendered":"https:\/\/tde.fi\/founder-resource\/"},"modified":"2025-10-28T08:38:16","modified_gmt":"2025-10-28T08:38:16","slug":"300-trillion-pyusd-minted-proof-of-reserves-or-bust","status":"publish","type":"post","link":"https:\/\/tde.fi\/founder-resource\/blogs\/stablecoin\/300-trillion-pyusd-minted-proof-of-reserves-or-bust\/","title":{"rendered":"$300 Trillion PYUSD Minted, Proof-of-Reserves or Bust?"},"content":{"rendered":"\n

You wake up, open your feed, and see: \u201c$300 trillion PYUSD minted.\u201d Your first thought: \u201cDid DeFi just break?\u201d The short answer: no. The longer answer is the real story\u2014and the lesson. This was not a hack. It was a big operations mistake by Paxos (the issuer of, PYUSD) that lived on-chain for ~22 minutes<\/strong> and then was burned to zero. Also this is not the first time, You might remember Tether (USDT)<\/strong> accidentally minting $5B<\/strong> in 2019<\/strong> during a chain swap. They burned it minutes later. Both episodes are human\/ops errors in centralized stablecoins, not blockchain exploits. <\/p>\n\n\n\n

Let\u2019s discuss, the incident shows how much power centralized stablecoin issuers hold\u2014and what guardrails we all need. <\/p>\n\n\n\n

What actually happened!!<\/strong><\/h2>\n\n\n\n

On Oct 15, 2025 at 19:12 UTC<\/strong>, a Paxos-controlled address (\u201cPaxos 7\u201d) called increaseSupply<\/strong> on the PYUSD contract and minted 300,000.00 B<\/strong> PYUSD\u2014that\u2019s 300 trillion<\/strong> tokens. At 19:34 UTC<\/strong>, the same address called decreaseSupply <\/strong>and burned the entire amount. Gas to mint: about $2.47<\/strong>. Gas to burn: about $2.23<\/strong>. No funds moved to exchanges or lending markets in between. That\u2019s why nothing blew up. <\/p>\n\n\n\n

Paxos said it was an internal technical error during an internal transfer<\/strong>, not a security breach. A few minutes later, they posted that they\u2019d fixed it. <\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Not a hack\u2014an ops error with big buttons<\/strong><\/h2>\n\n\n\n

Why did this turn into a headline? Two details:<\/p>\n\n\n\n

    \n
  • PYUSD uses 6 decimals<\/strong>. If someone meant to mint hundreds of millions but entered base units wrong, it\u2019s easy to overshoot by \u00d71,000,000<\/strong>. Etherscan\u2019s event log shows the raw value 300000000000000000000; with 6 decimals, that equals 300,000,000,000,000<\/strong> tokens.
    <\/li>\n\n\n\n
  • PYUSD runs behind an upgradeable proxy<\/strong> with privileged roles that can mint\/burn. That\u2019s standard for custodial stables\u2014but it means a single bad parameter can spike supply and a single admin call can undo it. (We need measures to fix this )
    <\/li>\n<\/ul>\n\n\n\n

    Why DeFi didn\u2019t break: freezes, oracles, calm heads<\/strong><\/h2>\n\n\n\n

    Because the tokens never left the Paxos minter<\/strong>, nobody could race to deposit the \u201cnew\u201d PYUSD as collateral or swap it into other assets. Aave<\/strong> (via Chaos Labs<\/strong>) temporarily froze PYUSD markets as a precaution and later unfroze<\/strong> them once it was clear this was an ops mistake, not a live risk. Price-wise, PYUSD barely wobbled around $1. That combination\u2014no distribution plus fast protocol risk controls\u2014kept the blast radius near zero. <\/p>\n\n\n\n

    At today\u2019s size, PYUSD\u2019s market cap sits around $2.6B<\/strong>. So a $300T mint was more than 100,000\u00d7<\/strong> that\u2014a number bigger than global GDP\u2014showing how little on-chain cost it takes to alter token supply in admin-minted systems. After the burn, supply returned to normal; reporting suggests Paxos then minted about $300M<\/strong> (the likely intended size) as part of routine ops.<\/p>\n\n\n\n

    Design lesson: don\u2019t let \u201cinfinite mint\u201d be one call away<\/strong><\/h2>\n\n\n\n

    Custodial stables are programmable IOUs. That\u2019s a feature for redemptions\u2014and a risk when mistakes happen. Two concrete guardrails reduce the blast radius next time:<\/p>\n\n\n\n

      \n
    • On-chain proof-of-reserves (PoR) \u201cSecure Mint\u201d:<\/strong> Gate mint so the contract refuses<\/strong> new supply unless on-chain reserve feeds say there\u2019s backing. This is already live in production for some issuers (e.g., TUSD<\/strong>). If PYUSD\u2019s mint had been PoR-gated, the 300T<\/strong> mint would have failed automatically. Amazing right??
      <\/li>\n\n\n\n
    • Operational limits:<\/strong> Time-lock large mints, set role-based spend caps, and add circuit breakers in DeFi apps (e.g., pause when total supply jumps by N\u03c3 in one block\/epoch<\/strong>). These are standard safety patterns; for example the recent Aave freeze, we saw is exactly this muscle memory in action.<\/li>\n<\/ul>\n\n\n\n

      Takeaways for (builders, treasuries, traders)!!<\/strong>
      <\/h2>\n\n\n\n
        \n
      • Watch the chain, not the chatter.<\/strong> Subscribe to SupplyIncreased\/SupplyDecreased<\/strong> events for the stables you list or hold. Set an alert threshold for abnormal\/uncertain jumps. The two Etherscan receipts are your model\/way for what to track.
        <\/li>\n\n\n\n
      • Prefer venues with automatic circuit breakers.<\/strong> Use Auto-pause deposits\/borrows when supply jumps beyond your threshold, If your lender\/DEX can pause or cap assets when supply shocks hit, your downside is capped too.
        <\/li>\n\n\n\n
      • Push issuers (and yourselves) toward PoR-gated mints.<\/strong> If mint can\u2019t proceed without proof of reserves, big mints become self-reverting<\/strong> by design. Only list stables whose minting checks an on-chain proof-of-reserves (PoR) feed. If no PoR gate, treat the asset as transfer-only (no collateral use) until risk is signed off. (some issuers like TUSD is doing this !!<\/strong>)
        <\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"

        You wake up, open your feed, and see: \u201c$300 trillion PYUSD minted.\u201d Your first thought: \u201cDid DeFi just break?\u201d The short answer: no. The longer…<\/p>\n","protected":false},"author":12,"featured_media":4372,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,154,165],"tags":[],"class_list":["post-4370","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blogs","category-complaince","category-stablecoin"],"_links":{"self":[{"href":"https:\/\/tde.fi\/founder-resource\/wp-json\/wp\/v2\/posts\/4370","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tde.fi\/founder-resource\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tde.fi\/founder-resource\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tde.fi\/founder-resource\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/tde.fi\/founder-resource\/wp-json\/wp\/v2\/comments?post=4370"}],"version-history":[{"count":2,"href":"https:\/\/tde.fi\/founder-resource\/wp-json\/wp\/v2\/posts\/4370\/revisions"}],"predecessor-version":[{"id":4374,"href":"https:\/\/tde.fi\/founder-resource\/wp-json\/wp\/v2\/posts\/4370\/revisions\/4374"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tde.fi\/founder-resource\/wp-json\/wp\/v2\/media\/4372"}],"wp:attachment":[{"href":"https:\/\/tde.fi\/founder-resource\/wp-json\/wp\/v2\/media?parent=4370"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tde.fi\/founder-resource\/wp-json\/wp\/v2\/categories?post=4370"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tde.fi\/founder-resource\/wp-json\/wp\/v2\/tags?post=4370"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}