Research: Stellar Quietly Patched a 2.25 Billion XLM “Inflation Bug” in April 2017
According to a report published March 27, 2019, by crypto research firm Messari, Stellar, the world’s eighth-largest cryptocurrency project by market cap, suffered an “inflation bug” in April 2017 that enabled attackers to create an additional 2.25 billion XLM tokens.
Hackers Minted 2.25 Billion XLM Tokens
Blockchain’s security properties have quickly made it a go-to technology for startups and large conglomerates alike.
The technology, in addition to providing rapid and transparent IT solutions, also offers an immutable ledger of records that is reasonably hard to tamper with once a transaction has been recorded on it.
However, according to the Messari report, in April 2017 hackers were able to exploit the “MergeOPFrame::doApply” function in the Stellar blockchain, which enabled them to create 2.25 billion XLM tokens. These tokens, at the time, were worth approximately $10 million and represented as much as 25 percent of the circulating supply of the digital asset.
It’s worth pointing out that the team at Stellar has since fixed this critical bug.
Media Didn’t Report the Bug
The report by Messari claims that public disclosures by the Stellar Development Foundation (SDF) regarding the critical bug were relatively muted. Further, at the time, no media outlet reported on the bug despite its critical implications for the Stellar ecosystem.
The SDF later decided to burn an equivalent amount of XLM tokens from its community reserve to nullify the impact of token inflation. This activity also went unnoticed by media outlets.
The research team at Messari notes that the additional 2.25 billion XLM tokens created by the hackers were moved to exchanges and sold during the first half of 2017.
Stellar Representatives Say Nothing Was Concealed
In response, representatives from Stellar told Messari that the bug was reported in the company’s release notes. Company officials claim that the bug was published twice in the notes and that they burned the additional tokens to “true up” the circulating supply.
Further, they said that Stellar has since grown exponentially to become significant financial software and has made its disclosure standards more transparent.
The representatives concluded:
“There’s been no notable bug since, and if there were we would disclose it in full detail as soon as it was patched. As we announced last month in our 2019 Roadmap we have already committed to a full accounting of all of SDF’s Lumens by the end of the year, and more details around this old bug were going to be (and still will be) part of that.”