Cryptocurrency research company Messari has stated that Stellar (XLM) experienced an inflation bug in April 2017 that was exploited to generate 2.25 billion XLM (worth about $10 million at the time), which were later burned. The story was revealed in a Messari report issued on March 27.
The research also notes that the affected addresses and relevant records are no longer available on Stellar Expert or other block explorers but can be obtained using the Horizon application programming interface (API). The organization also says that, apparently, no media outlet published anything about the bug, its exploitation, or the resulting burn before Messari.
Stellar Lumens (XLM) is the cryptocurrency (digital currency) of the Stellar network. Stellar is an open-source protocol for currency exchange founded in early 2014 by Jed McCaleb and Joyce Kim. Lumens are the primary asset of the Stellar network. Primary means that Lumens are built into the Stellar network. The purpose of the Stellar network is to connect people, payment systems and banks. In the world of cryptocurrency, Bitcoin is the cryptocurrency of the Bitcoin network. In the same way, Stellar is the network and the Lumen is the cryptocurrency of the Stellar network. It is a distributed payment framework.
What was the Stellar Bug?
According to Messari, the extra XLM was generated by abusing the “MergeOpFrame::doApply” function, which merges a “source account into a destination account, through rejecting the root account and shifting all the root account balance into the target balance.” However, the attacker called the function several times concurrently, which allowed them to merge the source account into multiple target accounts, generating extra XLM in the process. The bug was exploited 110 times, which resulted in the creation of over 2.25 billion XLM.
Stellar, currently the eighth biggest cryptocurrency by market cap with a total market value of over two billion, said that the organization has not covered up the problem. More precisely, a Stellar spokesperson is quoted in the report as saying that the bug and its exploitation were mentioned twice in the protocol’s announcement notes. The report also recognizes the importance of proper disclosure:
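The double merge described above, modelled as a toy C++ ledger with the flawed batch apply beside a checked one and a supply-conservation invariant. This is an added example, not Stellar's code: the snapshot-based model of "concurrent" calls, the account names and every function name are assumptions made for illustration.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Toy model (constructed for illustration; not Stellar's code or data model).
using Ledger = std::map<std::string, int64_t>;      // account -> balance
using Merge  = std::pair<std::string, std::string>; // (source, destination)

int64_t totalSupply(const Ledger& l) {
    int64_t sum = 0;
    for (const auto& kv : l) sum += kv.second;
    return sum;
}

// Flawed: every merge in the batch reads the source from a snapshot taken
// before the batch ran, so an already-merged source still looks funded.
Ledger applyMergesStale(Ledger ledger, const std::vector<Merge>& ops) {
    const Ledger snapshot = ledger;
    for (const auto& op : ops) {
        auto src = snapshot.find(op.first);
        if (src == snapshot.end() || op.first == op.second || !ledger.count(op.second)) continue;
        ledger[op.second] += src->second; // credited from the stale balance
        ledger.erase(op.first);           // second erase is a silent no-op
    }
    return ledger;
}

// Hardened: re-read live state per merge, reject a missing source, debit before credit.
Ledger applyMergesChecked(Ledger ledger, const std::vector<Merge>& ops) {
    for (const auto& op : ops) {
        auto src = ledger.find(op.first);
        if (src == ledger.end() || op.first == op.second || !ledger.count(op.second)) continue;
        const int64_t amount = src->second;
        ledger.erase(src);
        ledger[op.second] += amount;
    }
    return ledger;
}

// Invariant a validator can assert: merges move balances, never create them.
bool supplyConserved(const Ledger& a, const Ledger& b) { return totalSupply(a) == totalSupply(b); }

int main() { // constructed sample: account A is merged into both B and C
    const Ledger start = {{"A", 100}, {"B", 0}, {"C", 0}};
    const std::vector<Merge> ops = {{"A", "B"}, {"A", "C"}};
    return supplyConserved(start, applyMergesChecked(start, ops)) ? 0 : 1;
}
```

Checking the invariant after every batch flags the inflation even if the per-operation check is missing or wrong.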
We recognize that Stellar has since become significant financial software, and our disclosure standards have grown to reflect that reality. There’s been no notable bug since, and if there were we would disclose it in full detail as soon as it was patched.
After discovering the Stellar bug, the Stellar Development Foundation chose to burn the equivalent amount of XLM from its community assets to avoid diluting XLM holders at that time.
What did the research team find?
- In 2017 an attacker was able to exploit a concurrency bug in the Stellar protocol’s “MergeOpFrame::doApply” function and generate 2.25 billion $XLM, worth around $10 million at the time.
- This illegitimate inflation represented approximately 25% of circulating supply in April of 2017, but public disclosures by the Stellar Development Foundation (“SDF”) about the incident were largely muted, and no media outlet appears to have previously published anything about the bug or the SDF’s subsequent decision to burn an equal amount of XLM from its community assets to offset the illegitimate inflation.
- The affected addresses and associated records of the bug are no longer available on Stellar Expert or other block explorers, but the Messari research team was able to trace the historical activity through the Horizon client business account.
Finally, the company noted that in its roadmap for 2019, published last month, Stellar committed to a complete accounting of all Stellar Development Foundation XLM by the end of the current year, which includes more details about this bug.
The roadmap offers insight into the five divisions that the Stellar Development Foundation (SDF) is working on. Stellar Core and Horizon both have dedicated units, while a new unit has been added in the form of Product, which concentrates on Stellar apps and other things. The company unit covers HR and ops, while Ecosystem manages developer and association relations.