An infinite mint attack occurs when an unwanted entity or hacker mints an absurd ("infinite") amount of tokens within a protocol, increasing its supply to an unhealthy amount, which debases the value of each token. The process typically unfolds swiftly, with attackers taking home millions of dollars worth of tokens. Attackers often proceed to dump all the minted tokens on the market and cause the price to crash.
Blockchain systems are vulnerable to this type of attack mainly because of security lapses, which allow hackers to exploit bugs and other code vulnerabilities. In the Cover Protocol attack, hackers exploited shield mining contracts, which enabled them to gain unauthorized crypto rewards from the protocol. The hacker managed to mint 40 quintillion tokens on the Cover staking pool, causing its token price to plummet by 97%. In this case, the attacker liquidated more than 11,700 coins via 1inch and stole around $5 million worth of tokens.
To prevent an infinite mint attack, the most common approach is to include a proof-of-work (PoW) algorithm in the blockchain. This requires miners to solve complex mathematical problems in order to add a new block to the chain, making it difficult and expensive for attackers to create new coins, as they would need to expend a lot of computing power.
These measures can help to secure the network further and reduce the risk of an infinite mint attack. The best prevention for infinite mint attacks is a series of smart contract audits from various firms. However, audits do not guarantee that a protocol is completely secure.
The Cover Protocol exploit in 2020 was a cybersecurity attack that exploited a vulnerability in a Cover Protocol smart contract. The vulnerability allowed attackers to mint an unlimited amount of COVER tokens, resulting in the attackers minting over $37 million worth of COVER tokens. The attackers then sold the tokens on decentralized exchanges. The vulnerability in the Cover Protocol smart contract was discovered and patched by the security firm PeckShield.
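
A monitoring check for the kind of mint described above, as an added example that is not part of the original page or of Cover Protocol's code. It replays ERC-20 `Transfer` events and flags mints that break supply invariants; the event layout, addresses, thresholds and sample events are constructed assumptions.

```python
from dataclasses import dataclass

ZERO = "0x" + "00" * 20      # ERC-20 convention: a Transfer from the zero address is a mint
UNIT = 10 ** 18              # assumption: 18-decimal token

@dataclass
class Transfer:              # simplified, constructed view of an ERC-20 Transfer log
    block: int
    sender: str
    recipient: str
    amount: int              # raw integer amount (whole tokens * UNIT)

def audit_mints(events, initial_supply, max_mint_bps=500, supply_cap=None):
    """Replay events in block order; return (final_supply, alerts).

    max_mint_bps (largest single mint, in basis points of current supply) and
    supply_cap are hypothetical policy knobs the defender chooses.
    """
    supply, alerts = initial_supply, []
    for ev in sorted(events, key=lambda e: e.block):
        if ev.sender == ZERO:                                  # mint
            reasons = []
            # Integer math only: amounts at this scale lose precision as floats.
            if ev.amount * 10_000 > supply * max_mint_bps:
                reasons.append("single mint exceeds ratio limit")
            if supply_cap is not None and supply + ev.amount > supply_cap:
                reasons.append("supply cap exceeded")
            supply += ev.amount
            if reasons:
                alerts.append((ev.block, ev.recipient, ev.amount // UNIT, reasons))
        elif ev.recipient == ZERO:                             # burn
            supply -= ev.amount
    return supply, alerts

# Constructed sample events (placeholder addresses, not real on-chain data).
ALICE, BOB, MALLORY = ("0x" + c * 40 for c in "abc")
SAMPLE_EVENTS = [
    Transfer(100, ZERO, ALICE, 500 * UNIT),                # ordinary staking reward
    Transfer(101, ALICE, BOB, 50 * UNIT),                  # plain transfer, supply unchanged
    Transfer(102, BOB, ZERO, 200 * UNIT),                  # burn
    Transfer(103, ZERO, MALLORY, 40 * 10 ** 18 * UNIT),    # 40 quintillion tokens
]

if __name__ == "__main__":
    final, alerts = audit_mints(SAMPLE_EVENTS, 100_000 * UNIT,
                                supply_cap=1_000_000 * UNIT)
    for block, to, tokens, reasons in alerts:
        print(f"block {block}: mint of {tokens} tokens to {to}: {'; '.join(reasons)}")
```

The same two invariants can also be enforced inside the minting contract itself, which rejects the transaction instead of alerting after the fact.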