Stellar Secretly Patches 2.25 Billion XLM Inflation Bug

Reading Time: 2 minutes

Stellar and its token XLM have been on one hell of a ride since launching back in 2014 – briefly becoming a top five crypto – but a fresh scandal is breaking and has the potential to disrupt the entire crypto community. A new report by Messari states that Stellar was attacked where an inflation bug was exploited and 2.25 billion XLM tokens were created. At the time this accounted for more than 25% of the total circulating supply and was worth more than $10 million. However, the Stellar team never announced the news of the attack, quietly fixed the bug, then burned 2.25 billion XLM tokens from its community reserve to reverse the impact of the bug.

All of this managed to fly well under the radar of the media and general public, but Stellar did in fact announce the attack in its release notes for the bug patch. Since then Stellar has revamped its bug and attack reporting process to become more transparent.

How Did the Attack Happen?

Thankfully, Stellar and the Stellar Development Foundation (SDF) have patched the bug, meaning it’s safe to tell the world how the attackers managed to print 2.25 billion XLM. There was an issue with the “MergeOPFrame::doApply” function in the Stellar blockchain, and if the correct sequence of commands where sent using this function then attackers could essentially print as many XLM tokens as they wished.

Presumably the attackers only needed $10 million, or thought that more than 2.25 billion would raise some sort of alarm. This is the type of attack that can turn blockchain networks into completely desolate environments that no developer or organization wishes to be associated with, but thankfully Stellar survived.

Tokens Already Long Gone

The research report managed to follow all of the newly created XLM tokens, and discovered that they had been transferred to various crypto exchanges and sold off in early 2017. Whether the SDF followed the XLM as well then contacted the exchanges for the information about the traders is still not yet known, but if the exchanges had KYC in place then the attackers could be caught and prosecuted.

XLM Insider Trading Scandal

When you know what the future holds, making profitable trades becomes rather easy – and that’s the latest scandal to hit Stellar. XLM was recently listed on Coinbase, but in the days leading up to the announcement, there were significant buy orders placed. Suddenly, after the announcement when the XLM price spiked, these tokens were then sold off – hinting that there was a large amount of insider trading taking place. Whether it was Stellar employees or top dogs at Coinbase is unknown, but eventually the truth will come out.

For now, Stellar appears to be safe and functioning, but who knows if it has suffered another attack that it hasn’t disclosed loudly. Had this news broken into the public media back in 2017, it could have seriously damaged the value of XLM and prevented Stellar from teaming up with companies such as IBM. Let’s hope that forks of the Stellar blockchain have fixed the bug too.

Share