What is an Infinite Mint Attack?
An infinite mint attack exploits vulnerabilities in a token's minting mechanism to create an unlimited or extremely large number of tokens. By flooding the market with newly minted tokens, attackers destroy the token's value through hyperinflation while extracting value by selling the minted tokens before the price fully crashes.
How it Works
Infinite mint attacks target flaws in token creation logic that allow unauthorized minting or minting beyond intended limits.
Common infinite mint vulnerabilities include:
- Access Control Failures: Minting functions callable by anyone
- Integer Overflow: Mint calculations wrap around to create excess tokens
- Bridge Vulnerabilities: Cross-chain bridges tricked into minting unbacked tokens
- Rebase Errors: Elastic supply tokens with exploitable rebase logic
- Governance Exploits: Passing proposals that grant minting rights
Attackers typically mint maximum possible tokens, dump them on exchanges, and crash the price to near zero.
Practical Example
The Cover Protocol attack in 2020 allowed anyone to mint unlimited tokens due to an access control flaw. The attacker minted quadrillions of COVER tokens and sold them before the price collapsed. The Paid Network exploit minted 59 million tokens and dumped them for $3 million in ETH. Wormhole's $320 million exploit involved minting unbacked wrapped ETH on Solana.
Why it Matters
Infinite mint attacks are among the most devastating in DeFi because they destroy the entire token economy. Recovery is nearly impossible once hyperinflation occurs. Protocols must implement rigorous access controls on minting functions, supply caps, and monitoring for abnormal minting activity.
Fensory analyzes protocol token mechanics and access controls, helping users identify projects with robust minting safeguards that protect against infinite mint vulnerabilities.