clock menu more-arrow no yes mobile

Filed under:

Bitcoin developers say critical Android flaw leaves digital wallets vulnerable to theft

New, 55 comments
bitcoin 1020 (casascius)
bitcoin 1020 (casascius)

In a blog post the developers of Bitcoin have announced the discovery of a critical weakness in Android that leaves Bitcoin wallets subject to theft. The vulnerability affects every Bitcoin wallet app for Android, including popular options like Bitcoin Wallet, wallet, BitcoinSpinner and Mycelium Wallet.

The developers say that the vulnerability lies in Android's ability to generate secure strings of random numbers, which help keep your Bitcoins safe. Exchange front-end services like Mt. Gox and Coinbase are unaffected, since their private keys are not generated on-device. The developers strongly urge anyone who has generated a wallet using an Android app to generate a new address with a proven reliable random number generator, and to then send all the money in your wallet back to yourself.

In the meantime, a thread on seems to indicate that updates for the affected apps are already in the works.