Which internal controls could help Paxos to prevent the accidental mint of $300T PYUSD?
We dig into the underlying reasons caused the accidental minting of $300T PYUSD by Paxos last month, and suggest some internal controls that could have helped preventing this error.
In October 2025, Paxos accidentally minted about $300 trillion worth of PYUSD stablecoin (see transaction), then burned the excess tokens shortly after. No user funds were affected, but it is a great case study in how integer math, decimals, and weak controls can collide. We already talked about this incident here.
Ethereum’s EVM has no native support for decimals or fractions, so all ERC20 tokens are represented as whole numbers. Tokens define their precision through the decimals field. Decimals split a token into minimal units, and the EVM does all calculations using whole numbers of these units. Using just two decimals is often too coarse for on-chain fees, transfers, and DeFi integrations. Stablecoins, therefore, choose the number of decimals to balance usability and precision. Six decimals (for example, USDC, PYUSD) and 18 decimals (for example, DAI) are common.
PYUSD uses 6 decimals (see the contract implementation), meaning 1 PYUSD is actually 1,000,000 units on chain. When someone wants to mint 300 million PYUSD, they must pass an integer equal to:
300 000 000 × 10^6 = 300 000 000 000 000 units
It is easy to miscount zeros or mix up the expected unit format, especially when decimals differ across tokens or internal tools show raw numbers. Paxos described the $300T mint as an internal technical error during an internal transfer, and public analysis indicates it was essentially a decimal or unit mismatch – a fat finger error on the integer amount required for minting.
There are a few simple controls that could prevent this kind of mistake:
Review and approval with proper segregation of duties. Each mint should be reviewed by another person who reconciles the amount to the USD collateral received.
Using a multi-signature wallet for the minting process, where multiple approvers must sign before minting, would be even stronger.
A minting interface that requires dual confirmation. The operator should enter the mint amount in both PYUSD (human-friendly) and raw on-chain units (6 decimals), with the system calculating and displaying both clearly before approval. The confirmation screen should explicitly show something like: “You are about to mint 300 000 000.00 PYUSD (300 000 000 000 000 units).”
A few simple checks and better tooling would make errors of this scale nearly impossible and strengthen trust in the system.