Infinite Mint Attack

An infinite mint attack occurs when an unwanted entity or hacker mints an absurd (“infinite”) amount of tokens within a protocol.


What Is an Infinite Mint Attack?

An infinite mint attack occurs when an unwanted entity or hacker mints an absurd amount of tokens within a protocol, increasing its supply to an unhealthy amount, which debases the value of each token. The process typically unfolds swiftly, with attackers taking home millions of dollars worth of tokens. Attackers often proceed to dump all the minted tokens on the market and cause the price to crash.
Blockchain systems are vulnerable to this type of attack mainly because of security lapses, which allow hackers to exploit bugs and other code vulnerabilities. In the Cover Protocol attack, hackers exploited shield mining contracts, which enabled them to gain unauthorized crypto rewards from the protocol. The hacker managed to exploit 40 quintillion tokens on the Cover staking pool, causing its token price to plummet by 97%. In this case, the attacker liquidated more than 11,700 coins via 1inch and stole around $5 million worth of tokens. 

How to Prevent an Infinite Mint Attack in Crypto?

To prevent an infinite mint attack, the most common approach is to include a proof-of-work (PoW) algorithm in the blockchain. This requires miners to solve complex mathematical problems in order to add a new block to the chain, making it difficult and expensive for attackers to create new coins, as they would need to expend a lot of computing power.

Other measures include:

  • Introducing a proof-of-stake (PoS) system.
  • Implementing a fixed cap on the total supply of coins.
  • Introducing masternodes to the network.
These measures can help to secure the network further and reduce the risk of an infinite mint attack. The best prevention for infinite mint attacks is a series of smart contract audits from various firms. However, audits do not guarantee that a protocol is completely secure.

Examples of Infinite Mint Attacks

The Cover Protocol exploit in 2020 was a cybersecurity attack that exploited a vulnerability in a Cover Protocol smart contract. The vulnerability allowed attackers to mint an unlimited amount of COVER tokens, resulting in the attackers minting over $37 million worth of COVER tokens. The attackers then sold the tokens on decentralized exchanges. The vulnerability in the Cover Protocol smart contract was discovered and patched by the security firm, PeckShield.