When Paxos’ backend systems inadvertently authorized a sequence of rapid transactions on October 15, 2025, the PYUSD smart contract on Ethereum briefly reflected an extraordinary and erroneous mint of roughly $300 trillion worth of tokens before the excess was burned minutes later, an event that exposed critical weaknesses in operational controls despite no evidence of an external breach. The chain record shows tokens minted from a Paxos hot wallet to the PYUSD contract in a burst of three rapid transactions: an initial, unintended transfer of 300 million PYUSD that appears to have precipitated a catastrophic overmint of about $300 trillion, a near-immediate burn that extinguished the vast majority of the excess, and a subsequent, smaller minting of roughly $300 billion. Paxos publicly attributed the anomaly to an internal technical fault and stressed that no external hack or compromise occurred. The incident occurred at 3:12 p.m. ET and was resolved within minutes. The magnitude of the mistake is difficult to overstate; the temporary supply spike equaled roughly 300 times global GDP and dwarfed estimates of the worldwide money supply, rendering it one of the largest token creation-and-destruction episodes in crypto history. Onchain observers and security firms noted a structural weakness in the PYUSD token contract: a single externally owned address (EOA) retained unrestricted minting and burning privileges, with no programmatic caps, rate limits, or multisignature controls to throttle or authorize extreme actions. Industry engineers characterized the situation as a collision of human error and backend system design shortcomings, though precise causal sequences remain under technical review. The episode occurred amid heightened market sensitivity following broader industry developments, including whales trimming positions and increased put option activity. This incident underscores the critical importance of contract audits in identifying vulnerabilities before they escalate into major financial errors.
Paxos’ backend glitch briefly overminted ~ $300 trillion PYUSD before a rapid burn—no external hack reported.
Markets reacted with caution but limited contagion. Aave and other DeFi venues paused PYUSD markets briefly as a protective measure, social media and analytics platforms recorded thousands of mentions per minute, and traders bid the stablecoin down by roughly 0.5% before stabilization following the burn. Paxos maintained that customer funds were never exposed and that normal operations resumed after corrective patches and heightened monitoring were implemented.
The incident prompted sober industry commentary about governance and engineering standards for stablecoins: experts urged mandatory anti-minting safeguards, multi-party authorizations, and transactional rate controls to reduce single-point failures. While PYUSD retained its place among the largest stablecoins, the episode highlighted systemic operational risks that merit urgent remediation across custodial-issuance infrastructures.
