Android generated Bitcoin wallets subject to theft

12th August 2013

Digital currency Bitcoin has warned users of its Android wallets that they are vulnerable to theft. 

In an alert on its website, Bitcoin has said: "We recently learned that a component of Android responsible for generating secure random numbers contains critical weaknesses, that render all Android wallets generated to date vulnerable to theft. Because the problem lies with Android itself, this problem will affect you if you have a wallet generated by any Android app. An incomplete list would be Bitcoin Wallet, wallet, BitcoinSpinner and Mycelium Wallet. Apps where you don't control the private keys at all are not affected. For example, exchange frontends like the Coinbase or Mt Gox apps are not impacted by this issue because the private keys are not generated on your Android phone."

Bitcoin says it is preparing updates for Bitcoin Wallet, BitcoinSpinner, Mycelium Wallet and, adding that key rotation is necessary by generating a new address with a repaired random number generator and then sending all the money in your wallet back to yourself. Android wallet users should upgrade to the latest version available in the Play Store as soon as it becomes available, then contact anyone who has stored addresses generated by phone and give them a new one.

Users of Bitcoin Wallet by Andreas Schildbach will find that their key rotation will occur automatically soon after upgrading says the statement. However, the old addresses will be marked as insecure in the address book and a fresh backup will have to be made.

Bitcoin uses peer-to-peer technology to operate with no central authority or banks; managing transactions and the issuing of bitcoins is carried out collectively by the network.

Written by

In partnership with