Decentralized DNS Project Handshake Patches Inflation Bug

Given its severity, the team had to coordinate with miners to fix the flaw with an emergency soft fork.

AccessTimeIconApr 2, 2021 at 9:02 p.m. UTC
Updated Sep 14, 2021 at 12:35 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

The team behind the decentralized Domain Name Server (DNS) project, Handshake, recently patched a bug that could have inflated the supply of HNS coins.

When it existed in Handshake’s code, the bug was never exploited and no user funds or domain data were compromised, Handshake’s developers wrote in a post.

“A flaw was discovered in the Handshake protocol that could unintentionally increase the total HNS coin supply beyond its designed limits," according to the post. "A user with a reserved name claim could have accidentally generated small amounts of extra HNS by modifying their wallet. In the worst-case scenario, a malicious miner could generate nearly unlimited extra HNS in every block. The bug was never exploited and is now fixed.” 

The team advises miners and node operators to update to the newest version ASAP.

Handshake is a decentralized domain name service wherein users can purchase Handshake names, an alternative to the DNS identifiers traditionally used for accessing websites (Handshake users pay for these in HNS token). Per the blog post, the bug would have given users who have claimed Handshake names the ability to accidentally print extra HNS tokens.

Handshake inflation bug

Matthew Zipkin, former developer at BitGo and a contributor to Bcoin, alerted the team of the vulnerability on March 24. From here, Handshake developer (and Lightning Network architect) Joseph Poon and fellow Handshake dev Christopher Jeffrey coded fixes that were rolled out to HNS mining pools first.

The team approached miners like F2Pool and Poolin first because the bug required overhauling Handshake’s code, according to the post. 

“This flaw is not just an implementation bug that could be fixed with a software patch. It is a problem with the design of the Handshake protocol and so it affects every user and all full nodes. The only way to fix this kind of issue is with a soft fork, which adds new rules to the protocol and is enforced by miners," the team said.

“Soft forks” are blockchain upgrades where new versions of a software are made compatible with older versions and, as the post admits, they typically occur with total community involvement. Handshake’s team executed this emergency soft fork because “the flaw could not be disclosed until the new protocol rules were in place and enforced by as much hashrate as possible,” the team said in the post.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.

Read more about