An infinite mint attack occurs when a malicious entity hacks a protocol and begins minting an excessive number of tokens. When that happens, it inflates the supply to an unmanageable level. The result is that the price of the tokens drops.
Reason for the Attack
An infinite mint attack is executed quickly by a malicious attacker. The goal is for the attacker to make as much money as possible in the shortest time. When the attacker begins minting the tokens, they will mint as many of them as possible. They will then swap these tokens for other tokens. Before the market has time to react, they will leave the holders of the minted tokens holding worthless tokens.
Why They Happen
Infinite mint attacks occur due to vulnerabilities in the code. These issues allow a hacker to take advantage of a bug and begin minting tokens. The most robust defense against such an attack is to conduct smart contract audits by different firms. However, these audits do not guarantee that an attack will not occur.
Examples of Infinite Mint Attacks
A good example of an infinite mint attack is the Cover Protocol hack. In the attack, hackers exploited a vulnerability in the mining contract code. They minted an effectively infinite amount of COVER tokens, which they used to steal over $4.4 million from the project. In total, the code bug let them mint 40 quintillion tokens, which caused the price to drop by 97%.
The most recent example of an infinite mint attack was on the Cashio Dollar network, an algorithmic stablecoin backed by USDT-USDC LP. Hackers managed to exploit a glitch and drained $28 worth of assets from the Cashio liquidity pools.
The attackers minted two billion CASH stablecoins, which they swapped for other paired assets via the Saber decentralized exchange. Saber later stopped all CASH transactions, but it was already too late. Due to the attack, the value of CASH, which is supposed to closely mirror that of the USD, dropped to zero.
How to Prevent Future Attacks
It is almost impossible to prevent an attacker from committing a malicious act once they identify a problem with the code. The only way to avoid it is to have the code carefully examined for weaknesses. Unfortunately, the DeFi space is still young, and there is not much money flowing into it, especially in small projects.
It often comes down to an issue of resources; smaller projects do not have the funds needed to conduct an in-depth audit to secure the code. To prevent these issues, there will need to be solutions developed within the DeFi world that lower the cost of conducting an audit.
It is also up to the developer community to take time and carefully examine the code when they invest in a project. Anyone with developer experience should assume that a nascent DeFi project in which they invest has code issues. Doing so will ensure a project’s community is always on the lookout for any problems.
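One way a project's community can stay on the lookout is to watch the token supply itself. The following is an added example, not code from this article or from any project it mentions: a small off-chain monitor that flags mints inflating supply faster than a budget. It assumes ERC-20-style Transfer events, where a mint appears as a transfer from the zero address; the class names, the 5% threshold, the 100-block window, and the sample events are all constructed for illustration.

```python
from collections import deque
from typing import NamedTuple

ZERO = "0x" + "0" * 40  # ERC-20 convention: mints are Transfers from the zero address

class Transfer(NamedTuple):
    block: int
    sender: str
    recipient: str
    amount: int

class MintMonitor:
    """Alerts when mints inside a sliding block window outgrow a supply budget."""
    def __init__(self, supply, max_growth_bps=500, window_blocks=100):
        self.supply = supply                  # tracked total supply
        self.max_growth_bps = max_growth_bps  # assumed policy: 5% growth per window
        self.window_blocks = window_blocks
        self.recent = deque()                 # (block, amount) of mints in the window

    def observe(self, ev):
        """Update supply from one event; return an alert dict or None."""
        if ev.sender != ZERO:
            if ev.recipient == ZERO:          # burn shrinks supply
                self.supply -= ev.amount
            return None                       # ordinary transfer: supply unchanged
        while self.recent and self.recent[0][0] <= ev.block - self.window_blocks:
            self.recent.popleft()             # drop mints that left the window
        prior = sum(a for _, a in self.recent)
        baseline = max(self.supply - prior, 0)  # approx. supply when the window opened
        minted = prior + ev.amount
        self.recent.append((ev.block, ev.amount))
        self.supply += ev.amount
        # Integer basis-point comparison stays exact for very large token amounts.
        if minted * 10_000 > baseline * self.max_growth_bps:
            return {"block": ev.block, "minted_in_window": minted, "baseline": baseline}
        return None

def scan(events, initial_supply):
    monitor = MintMonitor(initial_supply)
    return [a for a in map(monitor.observe, events) if a], monitor.supply

# Constructed sample events (not real chain data).
SAMPLE = [
    Transfer(10, ZERO, "alice", 10_000),          # 1% growth: within budget
    Transfer(20, "alice", "bob", 5_000),          # ordinary transfer
    Transfer(30, ZERO, "alice", 30_000),          # 4% cumulative: within budget
    Transfer(40, ZERO, "carol", 20_000),          # 6% cumulative: alert
    Transfer(450, "bob", ZERO, 5_000),            # burn
    Transfer(500, ZERO, "mallory", 40 * 10**18),  # runaway mint: alert
]
```

Calling scan(SAMPLE, 1_000_000) returns the alerts and the final tracked supply. The window catches a mint split into several smaller transactions as well as a single runaway mint.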