Web3 Daily

The ‘Infinite Mint Hack’ and What You Can Do About It

TL;DR

  • The ‘infinite mint hack’ is when a malicious actor changes the smart contract code, letting them mint more tokens than the total supply.

Full Story

We just heard of something pretty horrifying.

It’s called an ‘infinite mint attack’.

Here’s how it works:

You know how some crypto projects have a limited supply?

Take BTC, for example - only 21M BTC have ever been, or ever will be, created.

Which is super important for the project’s tokenomics.

(I.e., the way an investor can gauge value by analyzing supply and demand.)

Look, we’re not developers, far from it, but what we know is that each time tokens are minted, somewhere in a project’s smart contract code lies the specific number for the total supply.

But what happens if a hacker is able to change that number? What if they turned that number from 10M to 10B (for example)?

Then, when minting new tokens, they can mint an infinite amount.

At first it may be hard to tell. If the project has significant liquidity, chances are the hacker will be able to sell some of the tokens without being noticed.

…until they’re caught.

Which will then likely tank the price of the existing tokens and ruin the party for all of the good actors who invested because they believed in the project.

This is exactly what happened a while back during the Paid Network hack.

The way for companies to overcome the infinite mint hack is through frequent smart contract audits - and for investors, it’s always best to find out when the most recent smart contract audit was completed before investing heavily in a project.
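Between audits, the supply-cap tampering described above can be watched for directly. The following is an added example, not part of the original post: it replays mint events and compares the running supply against the cap the project published rather than the cap currently stored in the contract, since the stored number is what the attacker changes. The event names, addresses and figures are constructed for illustration.

```python
from dataclasses import dataclass

# Assumption: the cap the project published off-chain (10M, as in the text's example).
DOCUMENTED_CAP = 10_000_000

@dataclass
class Event:
    block: int
    kind: str    # "CapChanged" or "Mint" (hypothetical event names)
    value: int   # new cap for CapChanged, amount minted for Mint
    actor: str   # constructed address label

# Constructed sample event log, not data from any real chain.
SAMPLE_EVENTS = [
    Event(100, "Mint", 6_000_000, "0xTeam"),
    Event(140, "Mint", 3_000_000, "0xTeam"),
    Event(200, "CapChanged", 10_000_000_000, "0xUnknown"),  # 10M -> 10B
    Event(201, "Mint", 500_000_000, "0xUnknown"),
    Event(205, "Mint", 500_000, "0xTeam"),
]

def audit_supply(events, documented_cap=DOCUMENTED_CAP):
    """Replay events in block order; return (alerts, final_supply).

    Each alert is a (block, reason) tuple. Mints are checked against the
    documented cap, so raising the on-chain cap does not silence the alert.
    """
    alerts = []
    supply = 0
    onchain_cap = documented_cap
    for ev in sorted(events, key=lambda e: e.block):
        if ev.kind == "CapChanged":
            if ev.value != documented_cap:
                alerts.append((ev.block,
                               f"cap changed {onchain_cap} -> {ev.value} by {ev.actor}"))
            onchain_cap = ev.value
        elif ev.kind == "Mint":
            supply += ev.value
            if supply > documented_cap:
                alerts.append((ev.block,
                               f"supply {supply} exceeds documented cap {documented_cap}"))
    return alerts, supply

if __name__ == "__main__":
    found, total = audit_supply(SAMPLE_EVENTS)
    for block, reason in found:
        print(f"block {block}: {reason}")
    print("final supply:", total)
```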

Stay safe out there!