Developers find Android flaw that makes bitcoin wallets vulnerable to theft
An Android flaw is compromising all wallets running on Google's mobile platform. Here's what to do.

Android wallet users were sent into a panic over the weekend, after Google discovered a flaw in its mobile operating system that rendered generated bitcoin addresses unsafe.
, the forum contributor who reported the bug, the way in which random numbers are generated in Android is flawed. Random numbers are used along with a private key to sign a transaction when sending from a bitcoin address. The flaw means that any random number used more than once with the same public bitcoin address enables that address to be compromised.
This problem will affect any Android-based bitcoin wallet user who has used a bitcoin address more than once. It means that a person could recover that user’s private key by analyzing the transactions in the block chain, enabling them to spend bitcoins from that address.
If you have used the same random number more than once with the same bitcoin address when sending from an Android wallet, your bitcoins are in danger.
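One way to check your own addresses for the condition described above, as an added example that is not code from this article or from any wallet project: in an ECDSA signature the r value depends only on the per-signature random number, so a repeated random number shows up publicly as the same r in two different signatures under one public key. The transaction ids, public keys and signature values below are constructed for illustration.

```python
from collections import defaultdict

def parse_der_sig(sig: bytes):
    """Return (r, s) from a DER ECDSA signature; a trailing sighash byte is ignored."""
    if len(sig) < 8 or sig[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    end = 2 + sig[1]
    if sig[1] & 0x80 or end > len(sig):
        raise ValueError("bad sequence length")
    ints, pos = [], 2
    for _ in range(2):                      # two INTEGERs: r, then s
        if pos + 2 > end or sig[pos] != 0x02:
            raise ValueError("expected INTEGER")
        n = sig[pos + 1]
        if n == 0 or n & 0x80 or pos + 2 + n > end:
            raise ValueError("bad integer length")
        ints.append(int.from_bytes(sig[pos + 2:pos + 2 + n], "big"))
        pos += 2 + n
    if pos != end:
        raise ValueError("trailing data inside sequence")
    return ints[0], ints[1]

def find_reused_nonces(records):
    """records: iterable of (txid, pubkey_hex, sig_bytes).
    Returns {(pubkey_hex, r): [txid, ...]} where one key signed twice with the same r."""
    seen = defaultdict(dict)
    for txid, pubkey, sig in records:
        r, s = parse_der_sig(sig)
        seen[(pubkey, r)][s] = txid         # identical (r, s) is the same signature
    return {k: sorted(v.values()) for k, v in seen.items() if len(v) > 1}

def der(r: int, s: int) -> bytes:
    """Helper for the constructed samples: DER-encode (r, s) and append SIGHASH_ALL."""
    def enc(i):
        b = i.to_bytes((i.bit_length() + 8) // 8, "big")  # leading 0x00 keeps it positive
        return b"\x02" + bytes([len(b)]) + b
    body = enc(r) + enc(s)
    return b"\x30" + bytes([len(body)]) + body + b"\x01"

# Constructed sample data (not real keys, signatures or transactions).
PUB_A, PUB_B = "02" + "aa" * 32, "03" + "bb" * 32
R1, R2 = int("d4" * 32, 16), int("5b" * 32, 16)
SAMPLE = [
    ("tx1", PUB_A, der(R1, int("11" * 32, 16))),
    ("tx2", PUB_A, der(R1, int("22" * 32, 16))),   # same key, same r: affected
    ("tx3", PUB_A, der(R2, int("33" * 32, 16))),   # same key, fresh r: fine
    ("tx4", PUB_B, der(R1, int("44" * 32, 16))),   # different key: not flagged
]
print(find_reused_nonces(SAMPLE))
```

Any address that appears in the result should be treated as compromised and emptied to a freshly generated address.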
The solution is to generate a new bitcoin address using a repaired version of the random number generator, and then to send all the money in your wallet to yourself at that new address, according to Bitcoin.org. However, this relies on getting an updated version of your Android wallet if you're still going to use an Android-based app.
A report from Hearn suggests that an update of Andreas Schildbach’s Bitcoin Wallet has been prepared and is undergoing testing (a manual install is available via this forum posting for bitcoin users).
is preparing an update, as is Mycelium Wallet. Blockchain.info has released an update, according to Hearn, which allows users to manually rotate keys. Another update in the next few days will automatically send all coins controlled by previous keys to the new one.
In the meantime, however, bitcoins are reportedly being stolen from compromised addresses. Over 55 bitcoins are said to have been sent to this address from compromised addresses.
The upshot of all this is that bitcoin users will learn something: never use the same bitcoin address twice. We have always known that not reusing addresses makes you less trackable online. It is also a way to protect against exploits such as these, which aren’t a fault of the bitcoin network at all, but are rather down to a flaw in a platform supporting third-party bitcoin wallet services.
It’s also worthwhile transferring coins from an online bitcoin address to a ‘cold’ offline wallet, leaving just enough coins in your hot wallet to cover basic transactions.
Finally, once your bitcoins have been transferred to the new, safe address, back up your wallet.
Image credit: Flickr / pittaya