Stellar [XLM] Was Attacked in 2017: Quietly Fixed A $10M XLM Inflation Bug

Pinterest LinkedIn Tumblr

Cryptocurrencies aren’t without their flaws. Bitcoin, for instance, once suffered a devastating bug that temporarily shut down its blockchain. Stellar Lumens (XLM) recently joined the list of blockchain projects that were rocked by a bug, with a leading industry data provider revealing that millions of dollars worth of the cryptocurrency were quietly injected into the Stellar ecosystem early in 2017.

Stellar XLM

Attacker Created 2.25 Billion XLM In April 2017

In its ongoing quest to offer the crypto community high-quality data, the New York-based Messari has revealed that per its research, 2.25 billion XLM was generated out of thin air during April 2017. The funny thing is, barely anyone knew about this debacle prior to Messari’s recent report.

According to the research, the cryptocurrency was generated by an unknown attacker who utilized the “MereOPFrame::doApply” function in Stellar’s protocol, which was once bugged. While the public details about how the bug was harnessed are scant, the economic effect of the sudden attack is known.

Messari writes that the tokens created were worth $10 million at the time, and represented upwards of 25% of all circulating XLM at the time. And interestingly, Stellar’s developers were purportedly unable to catch the attacker’s wallets in time, as the data provider explains that the 2.25 billion XLM injection was likely distributed to exchange wallets and subsequently sold during the first half of 2017.

Per a comment from the Stellar Development Foundation (SDF), action has since been taken to mitigate further debacles. The SDF burnt Lumens from its development war chest to “true up” the supply, specifically in a bid to ensure that XLM holders wouldn’t see a dilution of their holdings. The organization’s representatives added that “Stellar has since become significant financial software,” forcing the SDF’s hand to improve its transparency protocols, which will go live by the end of 2019.

Not The First Inflation Bug

Stellar may have recently come under fire due to this news, but this is far from the first inflation bug in the cryptocurrency industry’s short history.

During the mid-2018 creation of Bitcoin Private, which forked from both the Bitcoin and ZClassic chains, there were 102 suspicious blocks that contained 400 expected outputs apiece. These outputs, according to Coinmetrics, collectively contained 2,040,000 BTCP that was printed out of thin air, and subsequently routed to shielded addresses. While it is unclear who executed this clever attack, the executor was estimated to have made away with at least $1 million to $3 million.

Even Bitcoin (yes, the Bitcoin) once saw more supply than it bargained for. During block 74638, mined on August 15th, 2010, 184 billion BTC was created, which totally decimated Bitcoin’s long-standing 21 million supply limit. Somehow, a user managed to create a transaction with a negative value, creating an integer overflow that spawned the billions of BTC. In this case, Gavin Andresen and the fabled Satoshi Nakamoto got to work near-immediately, purging the block from existence.

While none of the 184 billion BTC ever made it to an exchange, third-party, or a user not complicit in the attack, the fact remains that cryptocurrencies, even the leading one, are far from infallible.

Stellar Forges Ahead, Partners With Coinbase

In spite of all this, the SDF seems entirely unfazed by its inflation-ridden past. And maybe, that’s for good reason. Since April 2017, the project has skyrocketed to crypto fame, becoming one of the highest valued cryptocurrencies in existence.

Whether this is due to its countless partnerships with IBM, its viability as a smart contracting platform, or other developments, Blockonomi isn’t too sure. But the SDF is looking to continue the Stellar Blockchain’s success with a recent announcement.

On Tuesday, SDF revealed that it had partnered with Coinbase, specifically the startup’s Earn service, to give away $50 worth of XLM to hundreds of thousands of users that are willing to learn about the protocol.

Important Note: There have been reports of scammers approaching companies via Telegram, LinkedIn and Other Social platforms purporting to represent Blockonomi and offer advertising offers. We will never approach anyone directly. Please always make contact with us via our contact page here.


I am a writer who has been following the cryptocurrency space since 2013. My insights and interviews have been featured in leading publications in the industry such as LongHash, NewsBTC, and Decrypt. When I am not writing, I work as a team member of the EXODUS division of HTC, a Taiwanese electronics company. I own a small amount of Bitcoin. Contact

Write A Comment

1inch Exchange
As Featured In
As Featured In