Market Cap: 24h Vol: BTC: BTC Dom:
Gold: S&P 500: EUR/USD: Oil (BRENT):

Infinite Mint Attack

An infinite mint attack targets the single function inside a smart contract that is supposed to be guarded most carefully: the one that creates new token supply. The underlying flaw is usually specific rather than generic, a missing access check on the mint function, a broken reward-accounting variable, or an integer overflow that tricks the contract into believing collateral was deposited when it never was. Because blockchain transactions settle instantly and cannot be reversed, an attacker who finds the bug can create millions, or even trillions, of tokens in a single transaction, long before a team can react.

The exploit almost always follows the same pattern: the freshly minted tokens are swapped for stablecoins or other assets through a decentralized exchange or liquidity pool before anyone confirms the breach, which crashes the token's price toward zero and strips the pools that other holders relied on for exit liquidity. Cover Protocol lost roughly $37 million this way in December 2020 after a flaw in its staking-rewards accounting let attackers mint an astronomical amount of COVER tokens. The Solana stablecoin Cashio was minted to worthlessness in 2022 through a missing collateral check, and in June 2026 an attacker drained $4.67 million from a Secret Network bridge by forging cross-chain deposits that minted unbacked wrapped tokens.

Because the damage happens in one atomic transaction, prevention depends on catching the flaw before deployment: rigorous security audits, multisignature-gated minting rights, and real-time supply-monitoring alerts. Even audited protocols remain at some risk, since new code paths can hide the same class of error.