Report: Stellar suffered a 2.2 billion XLM inflation bug in 2017

More than 2.2 billion Lumens (XLM) were created in April 2017 by an attacker exploiting a bug in Stellar's code, according to a report by Messari.

While the Stellar Development Foundation did publicly disclose and patch the inflation bug in 2017, there was limited media coverage regarding the attack. At that time 2.2 billion XLM was worth approximately $10 million, which was 2.2% of the total supply of available XLM.

According to Messari, the additional XLM was created by exploiting the "MergeOpFrame:doApply" function which merges a "source account into a destination account, thereby discarding the source account and transferring all the source account balance into the destination balance." However, the attacker called the function simultaneously multiple times, which enabled them to merge the source account into multiple destination accounts — creating additional XLM in the process. This bug was exploited 110 times, which lead to the creation of over 2.2 billion XLM.

Start your day with the most influential events and analysis happening across the digital asset ecosystem.

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

In response to the bug, the Stellar Development Foundation decided to burn the same amount of  XLM from its community reserves to avoid diluting XLM owners at that time.

A representative from the Stellar Development Foundation sent Me