Report: Stellar suffered a 2.2 billion XLM inflation bug in 2017

More than 2.2 billion Lumens (XLM) were created in April 2017 by an attacker exploiting a bug in Stellar's code, according to a report by Messari.

While the Stellar Development Foundation did publicly disclose and patch the inflation bug in 2017, there was limited media coverage regarding the attack. At that time 2.2 billion XLM was worth approximately $10 million, which was 2.2% of the total supply of available XLM.

According to Messari, the additional XLM was created by exploiting the "MergeOpFrame:doApply" function which merges a "source account into a destination account, thereby discarding the source account and transferring all the source account balance into the destination balance." However, the attacker called the function simultaneously multiple times, which enabled them to merge the source account into multiple destination accounts — creating additional XLM in the process. This bug was exploited 110 times, which lead to the creation of over 2.2 billion XLM.


Keep up with the latest news, trends