- An attacker exploited a concurrency bug and created 2.25 billion XLM.
- In a statement to Messari, Stellar said that they had mentioned the bug twice in their release notes where they made it clear that the bug was exploited.
As per Messari Research, Stellar suffered an inflation bug in 2017 which created over 2 billion XLM. Stellar has since patched this with an equivalent token burn. While researching the supply details of the top 50 crypto assets, they discovered:
- In 2017, an attacker exploited a concurrency bug and created 2.25 billion XLM worth approximately $10 million at the time.
- This inflation represented nearly 25% of the circulating supply in April 2017.
- The Stellar Development Foundation decided to burn an equivalent amount of XLM from its community reserve to offset the illicit inflation.
- The affected addresses and related records of the bug are no longer accessible on Stellar Expert or other block explorers.
- The XLM tokens that were created was moved to exchanges and probably sold during the first half of 2017.
Stellar representatives shared the following statement with Messari:
“In April 2017, Stellar was an emerging open-source project with a small but dedicated developer community. Announcing the bug in our release notes, therefore, made total sense””that’s how you reach those users. We mentioned it twice, in fact, in the notes, and we were very clear the bug had been exploited. From there, we took the additional step of burning Lumens to “true up” the supply, so that current $XLM owners wouldn’t be diluted and our projected total supply would remain accurate. We recognize that Stellar has since become significant financial software, and our disclosure standards have grown to reflect that reality. There’s been no notable bug since, and if there were we would disclose it in full detail as soon as it was patched. As we announced last month in our 2019 Roadmap we have already committed to a full accounting of all of SDF’s Lumens by the end of the year, and more details around this old bug were going to be (and still will be) part of that.”