300 Trillion PYUSD Minted by Mistake: The Stablecoin Governance Crisis Behind Paxos's "Fat Finger" Error

PANews

Author: J.A.E

In the early hours of October 16, a dramatic scene unfolded in the crypto market as the stablecoin issuer Paxos suddenly minted and destroyed 300 trillion PayPal USD (PYUSD), leaving the market bewildered. This "blunder" was not merely a simple human error; it vividly revealed the inherent vulnerabilities of centralized stablecoins in terms of technical governance and internal controls.

The Largest "Blunder" in History: Paxos Accidentally Minted 300 Trillion PYUSD

The incident began with an internal operation at Paxos. Its transaction records on Etherscan suggest that Paxos intended to transfer 300 million PYUSD between different wallets but accidentally destroyed it instead.

The 300 million PYUSD accounted for over 11% of the total circulating supply, a sizable amount. However, since the destruction reduced the circulating supply, it only led to a short-term contraction in supply and did not affect the pegging mechanism. This accidental destruction was merely the prologue to a subsequent catastrophic error.

While attempting to correct its mistake, Paxos experienced a "fat finger" incident (a type of parameter input error, typically characterized by adding a few extra zeros), accidentally minting a supply of 300 trillion PYUSD. According to CoinMarketCap, the current market cap of PYUSD is only about $2.6 billion, meaning the erroneous minting amount was equivalent to 113,250 times the circulating supply, creating a stark contrast. If valued at $1, the total erroneous minting of PYUSD would be more than twice the global GDP, far exceeding the M1/M2 of the United States and the entire crypto market cap. This means that even if Paxos had sufficient reserves, facing a supply of 300 trillion would instantly reduce its asset collateralization ratio to zero, rendering the PYUSD held by users worthless, leading to a collapse of market confidence and triggering a chain reaction.

Additionally, if this massive amount of PYUSD were used for on-chain transactions and captured by arbitrage bots or market makers, even for just a few seconds, it would lead to a severe imbalance in liquidity pools on DEXs and prompt a rapid de-pegging of PYUSD's price. In the AMM model, the sudden increase in supply would cause the price of PYUSD relative to other assets to plummet, resulting in a severe de-peg. The leading DeFi lending protocol Aave urgently froze the PYUSD market after the incident to prevent potential risks. Omer Goldberg, founder of Chaos Labs, also posted on X that, due to the unexpectedly large minting and destruction of PYUSD, he would temporarily freeze related transactions.

To avoid catastrophic consequences, Paxos had to take further destruction actions, removing the accidentally minted supply of 300 trillion PYUSD from its wallets to prevent the potential disaster that its minting error could cause to the ecosystem. After the incident was quelled, Aave also unfroze the related PYUSD market.

Although the issue with Paxos's minting was merely an internal technical failure, the emergency intervention process also reflects the paradox of centralized stablecoins: Even if the issuer has sufficient asset reserves and absolute minting/destruction authority, if there are flaws in technical governance and internal controls, their "God-like authority" over supply could lead to a systemic crisis.

Internal Issues as the Biggest Single Point of Risk: How Should Stablecoin Issuers Optimize?

Paxos has always marketed itself as regulated and compliant, viewing this as a competitive moat against other stablecoin issuers, especially when facing the less transparent Tether. However, this incident has led the market to question why a highly compliant regulated entity would allow such basic parameter input errors to pass through multiple security checks in its operational processes.

This technical issue has also made the market realize that while fiat reserves and regular audits are important, they do not eliminate risks associated with technical governance and internal controls. This "blunder" may erode Paxos's regulatory advantage, making its technical risk profile somewhat similar to that of its unregulated competitors.

Coincidentally, Tether also accidentally minted and destroyed about $5 billion worth of USDT in 2019. However, the scale of Paxos's error has raised broader concerns. This further indicates that fiat-backed stablecoins are not infallible, and their risk points may now include two additional issues related to technical governance and internal controls.

In the process of correcting the error, Paxos's "God-like authority" saved PYUSD from an instant collapse. To maintain a 1:1 peg, fiat-backed stablecoins must have absolute minting/destruction authority. However, this necessary evil is also the biggest single point of risk. To address the operational risks that come with it, stablecoin issuers should establish stricter internal control processes, although this also means higher operational costs and levels of centralization.

Stablecoin issuers face a dilemma: how to maintain rapid intervention capabilities (centralization) while minimizing the probability of human operational errors (decentralization/automation processes)? This challenge will become a key issue in the governance of stablecoins in the future.

In response to this "blunder" caused by parameter input errors, stablecoin issuers like Paxos must implement fundamental strengthening in technical governance and internal controls:

1) On the technical side, set up anomaly detection and time-lock mechanisms. Smart contracts should embed anomaly detection mechanisms, such as requiring any single minting or destruction amount exceeding a certain threshold of the total reserves (e.g., 10%) to initiate a cooling-off period of at least an hour, or the system should automatically halt the transaction and wait for manual approval.

2) On the internal control side, enforce multi-signature requirements. Minting/destruction operations must adopt a strict multi-signature mechanism, requiring at least three executives with different functional backgrounds (e.g., technical, financial, compliance) to jointly approve and sign off to ensure the verification of input parameters.
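The two controls above can be modelled as a pre-execution guard. The following is an added example, not Paxos's code or any contract's real interface: `SupplyChange`, `approve` and `evaluate` are hypothetical names, the signer names and reserve figure are constructed, and it assumes each approver independently re-enters the amount they were asked to authorise.

```python
from dataclasses import dataclass, field

THRESHOLD_PERCENT = 10        # article's example: 10% of total reserves
COOLING_OFF_SECONDS = 3600    # article's example: at least an hour
REQUIRED_FUNCTIONS = {"technical", "financial", "compliance"}

@dataclass
class SupplyChange:           # hypothetical request record
    kind: str                 # "mint" or "burn"
    amount: int               # whole tokens, as typed by the operator
    requested_at: int         # Unix seconds
    approvals: dict = field(default_factory=dict)  # approver -> (function, amount)

def approve(req, approver, function, confirmed_amount):
    # Assumption: each approver re-enters the amount they were asked to
    # authorise instead of clicking through the operator's value.
    req.approvals[approver] = (function, confirmed_amount)

def evaluate(req, total_reserves, now):
    """Return (decision, reason); decision is EXECUTE, HOLD or REJECT."""
    if req.kind not in ("mint", "burn") or req.amount <= 0:
        return "REJECT", "malformed request"
    mismatched = sorted(a for a, (_, amt) in req.approvals.items() if amt != req.amount)
    if mismatched:
        return "REJECT", "amount differs from what was confirmed by " + ", ".join(mismatched)
    missing = REQUIRED_FUNCTIONS - {f for f, _ in req.approvals.values()}
    if missing:
        return "HOLD", "missing sign-off from " + ", ".join(sorted(missing))
    if req.amount * 100 > THRESHOLD_PERCENT * total_reserves:
        ready_at = req.requested_at + COOLING_OFF_SECONDS
        if now < ready_at:
            return "HOLD", f"cooling-off period ends at t={ready_at}"
    return "EXECUTE", "all checks passed"

def demo():
    reserves = 2_600_000_000          # constructed: roughly the market cap cited above
    signers = [("alice", "technical"), ("bob", "financial"), ("carol", "compliance")]
    typo = SupplyChange("mint", 300_000_000_000_000, requested_at=0)
    intended = SupplyChange("mint", 300_000_000, requested_at=0)
    for name, function in signers:    # everyone confirms the intended 300 million
        approve(typo, name, function, 300_000_000)
        approve(intended, name, function, 300_000_000)
    return (evaluate(typo, reserves, now=10)[0],
            evaluate(intended, reserves, now=10)[0],
            evaluate(intended, reserves, now=3600)[0])

if __name__ == "__main__":
    print(demo())
```

The mistyped 300 trillion request is rejected because it does not match what the approvers confirmed, while the intended 300 million mint, itself above the 10% threshold, is held until the hour has elapsed.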

Although Paxos's "fat finger" did not lead to a market collapse, it revealed systemic risks and served as a wake-up call for all issuers: The management of centralized stablecoins must delve deeper than mere reserve transparency into technical governance and internal controls to ensure they do not face market scrutiny due to basic parameter input errors again.
