Analysts of the portal Messari made public a serious inflation bug that occurred on the Stellar network in April 2017. Then this incident went almost unnoticed.

According to them, a certain attacker using the bug in the MergeOPFrame :: doApply function of the Stellar protocol created about 2.25 billion XLM (at that time about $ 10 million).

Subsequently, the coins were transferred to stock exchanges and probably sold in the first half of 2017. Analysts were able to detect the history of transactional transactions through the Horizon client, which is not available in block browsers.

“Issue amounted to about a quarter of all coins in circulation as of April 2017, but the Stellar Development Foundation did not make this incident publicly up to standard. Subsequently, in order to maintain parity, the developers decided to destroy the corresponding amount of XLM from the community reserves, ”the researchers pointed out.

The preliminary fix for the bug was introduced by Stellar founder Jed McCaleb on April 6, but until his official release on April 30, the attack vector remained open.

In turn, representatives of Stellar stated that they had mentioned the use of the bug a couple of times in the release notes and since then have substantially revised the standards for disclosing information.

“After this incident, no such bugs were worthy of attention in the protocol,” a Stellar representative added.

Recall that in November 2018, transactions for billions of XLM tokens , made at the same address, were noticed on the Stellar network. The total amount of transfers then exceeded the coin offer available on the market, but it soon became clear that the transactions were fake.

Subscribe to the BlockchainJournal news at Telegram: BlockchainJournal Live – the entire news feed, BlockchainJournal – the most important news and polls.