Messari — the crypto research and analytics site — recently released a report detailing a ‘lightly reported’ inflation bug that the cryptocurrency network Stellar experienced in April 2017. According to their research, an attacker exploited a vulnerability in the Stellar protocol and created roughly 2.2 billion XLM — the native currency of the Stellar network.
The inflation of 2.2 billion XLM accounted for nearly 25 percent of the supply at the time, although it is now only about 2.2 percent of the total supply. The Stellar team publicly disclosed the attack and patched the bug, although Messari notes that the response was muted and barely covered by crypto media at the time.
The Inflation Bug and Patch
In April 2017, an unknown hacker leveraged the ‘MergeOPFrame::doApply’ function in the Stellar protocol to effectively mint 2.25 billion XLM (~ $10 million at the time). According to a statement provided to Messari by the Stellar Development Foundation (SDF), the team publicly disclosed the bug following the attack and burned an equal amount of supply so as not to dilute XLM holders’ funds.
According to the statement from SDF:
“We mentioned it twice, in fact, in the notes, and we were very clear the bug had been exploited. From there, we took the additional step of burning Lumens to ‘true up’ the supply, so that current $XLM owners wouldn’t be diluted and our projected total supply would remain accurate.”
Messari notes that the related records and addresses affected by the bug are no longer available on Stellar block explorers and that their team used the Horizon client’s transaction history to identify them.
The SDF attempted to quell any concerns in the run-up to Messari’s report release, stating:
“There’s been no notable bug since, and if there were we would disclose it in full detail as soon as it was patched. As we announced last month in our 2019 Roadmap we have already committed to a full accounting of all of SDF’s Lumens by the end of the year, and more details around this old bug were going to be (and still will be) part of that.”
Stellar has one of the largest supplies of any cryptocurrency, equating to an eventual total of nearly 143 billion, although only roughly 13.5 percent of that supply has been issued so far. Stellar initially created 100 billion XLM tokens, which is why the 2.2 billion inflation bug accounted for 2.2 percent of the supply, but only 19.2 billion XLM have actually been distributed into circulation so far.
Messari notes that the inflated XLM from the hack was moved to exchanges and likely sold in the run-up to the 2017 bull run which saw prices skyrocket across the board.
Stellar snowballed into one of the largest cryptocurrencies by market cap following a meteoric run in price in the latter half of 2017 and currently resides at the 8th largest. Stellar is a fork of the third-largest cryptocurrency by market cap, XRP.