Поділитися цією статтею
Developers find Android flaw that makes bitcoin wallets vulnerable to theft
An Android flaw is compromising all wallets running on Google's mobile platform. Here's what to do.
Автор Danny Bradbury
Android wallet users were sent into a panic over the weekend, after Google discovered a flaw in its mobile operating system that rendered generated bitcoin addresses unsafe.
, the forum contributor who reported the bug, the way in which random numbers are generated in Android is flawed. Random numbers are used along with a private key to sign a transaction when sending from a bitcoin address. The flaw means that any random number used more than once with the same public bitcoin address enables that address to be compromised.
This problem will affect any Android-based bitcoin wallet user who has used a bitcoin address more than once. It means that a person could recover that user’s private signature by analyzing the transaction in the block chain, enabling them to spend bitcoins from that address.
If you have used the same random number more than once with the same bitcoin address when sending from an Android wallet, your bitcoins are in danger.
The solution is to generate a new bitcoin address using a repaired version of the random number generator, and then to send all your money in your wallet back to yourself, according to Bitcoin.org. However, this relies on getting an updated version of your Android wallet if you're still going to use an Android-based app.
A report from Hearn suggests that an update of Andreas Schildbach’s Bitcoin Wallet has been prepared and is undergoing testing (a manual install is available via this forum posting for bitcoin users).
is preparing an update, as is Mycelium Wallet. Blockchain.info has released an update, according to Hearn, which allows users to manually rotate keys. Another update in the next few days will automatically send all coins controlled by previous keys to the new one.
In the meantime, however, bitcoins are reportedly being stolen from compromised addresses. Over 55 bitcoins are said to have been sent to this address from compromised addresses.
The upshot of all this is that bitcoin users will learn something: never use the same bitcoin address twice. We have always known that not reusing addresses makes you less trackable online. It is also a way to protect against exploits such as these, which aren’t a fault of the bitcoin network at all, but are rather down to a flaw in a platform supporting third-party bitcoin wallet services.
It’s also worthwhile transferring coins from an online bitcoin address to a ‘cold’ offline wallet, leaving just enough coins in your hot wallet to cover basic transactions.
Finally, once your bitcoins have been transferred to the new, safe address, back up your wallet.
Image credit: Flickr / pittaya
Більше для вас
Coinbase announces INR rails to make the platform fully accessible to Indian retail traders.
Що варто знати:
- Coinbase is launching direct INR deposit and withdrawal rails via IMPS starting June 1, removing reliance on P2P and intermediaries.
- The move reduces friction and scam risk for Indian users while enabling seamless bank-to-crypto transfers on a regulated platform.
- Coinbase is pairing the rollout with spot and perpetual futures trading,...
Top Stories
