For a few surreal moments on October 15, the Ethereum blockchain seemed to host the financial equivalent of a dream.
Paxos, the issuer of PayPal’s PYUSD stablecoin, accidentally minted $300 trillion worth of tokens, roughly 300 times global GDP, before burning them just as quickly.
The minting, visible on Ethereum’s public ledger, sent analysts, traders and bots into a frenzy.
Within minutes, Paxos confirmed that the incident was the result of an internal operational error and not a hack. The company said no user funds were affected.
Still, the sheer number involved in the error made “PYUSD” the most talked about coin in crypto for 24 hours straight. Blockchain analytics firm Santiment reported thousands of mentions per minute as social media reacted with disbelief.
What happened?
Blockchain security firm Quill Audits attributed the incident to the contractual structure of the token.
According to the security company, the PYUSD contract granted an external address (EOA) unrestricted minting and burning rights, without rate limits, amount caps, or multi-party approval.
He added that the single key executed three transactions in rapid succession: minting $300 trillion worth of PYUSD, burning it, then minting another $300 billion.
Given this, Quill Audits concluded that:
“This suggests a backend system bug or catastrophic human error, or both.”
Meanwhile, Sam Ramirez, chief engineer at Argentum, suggested that Paxos had originally planned to transfer 300 million PYUSD between wallets, but burned it by mistake.
According to him, the attempt to restore these tokens would have resulted in a surplus of 300,000 billion.
Lessons?
Paxos’ error might have been harmless, but its implications were not. More than $300 billion worth of stablecoins are now circulating around the world, moving billions across Ethereum, Solana, and Tron daily.
At this scale, even a simple automation error could ripple across decentralized lending protocols, liquidity pools, and payment pathways. Notably, the error led Aave, the largest DeFi protocol, to freeze PYUSD transactions.
Given this, this issue has reignited debates about how a stable guarantee should work.
Unlike algorithmic stablecoins, asset-backed tokens such as PYUSD rely on off-chain reserves, such as U.S. Treasuries and cash equivalents held by the issuer, to maintain their peg.
Critics argue that the ability to create new tokens without immediate proof of collateral contradicts the entire model.
Zach Ryan of Chainlink argued that the event could have been completely avoided thanks to proof-of-reserve (PoR) controls built directly into minting contracts. He said:
“This prevents “infinite attacks” where a massive amount of uncollateralized tokens are minted, putting all exchanges that list and support the token at risk.”
Chainlink is an Oracle blockchain network that acts as a secure bridge between blockchains and real-world external data.
Additionally, the incident shed light on why financial regulators have recently taken a significant interest in the emerging sector.
As Federal Reserve Governor Christopher Waller recently noted in a speech in September, digital payment systems must be “hardened against misuse, with redundancy and safeguards suited to the scale of global payments.”
He wasn’t talking specifically about Paxos, but the message is relevant. The infrastructure that supports billions of daily transactions today cannot rely on goodwill or speed of response alone.
