An infinite mint attack occurs when an unwanted entity or hacker mints an absurd ("infinite") amount of tokens within a protocol.
An infinite mint attack occurs when an unwanted entity or hacker mints an absurd amount of tokens
within a protocol, increasing its supply to an unhealthy amount, which debases the value of each token. The process typically unfolds swiftly, with attackers taking home millions of dollars worth of tokens. Attackers often proceed to dump all the minted tokens on the market and cause the price to crash.
systems are vulnerable to this type of attack mainly because of security lapses, which allow hackers to exploit bugs and other code vulnerabilities. In the Cover Protocol attack, hackers exploited shield mining contracts, which enabled them to gain unauthorized crypto rewards from the protocol. The hacker managed to exploit 40 quintillion tokens on the Cover staking pool
, causing its token price to plummet by 97%. In this case, the attacker liquidated
more than 11,700 coins via 1inch
and stole around $5 million worth of tokens.
To prevent an infinite mint attack, the most common approach is to include a proof-of-work
(PoW) algorithm in the blockchain. This requires miners to solve complex mathematical problems in order to add a new block to the chain, making it difficult and expensive for attackers to create new coins, as they would need to expend a lot of computing power
These measures can help to secure the network
further and reduce the risk of an infinite mint attack. The best prevention for infinite mint attacks is a series of smart contract audits
from various firms. However, audits do not guarantee that a protocol is completely secure.
The Cover Protocol exploit in 2020 was a cybersecurity attack that exploited a vulnerability in a Cover Protocol smart contract. The vulnerability allowed attackers to mint an unlimited amount of COVER
tokens, resulting in the attackers minting over $37 million worth of COVER tokens. The attackers then sold the tokens on decentralized exchanges
. The vulnerability in the Cover Protocol smart contract was discovered and patched by the security firm, PeckShield.