Android Bitcoin & Litecoin wallets potentially vulnerable to theft due to coding flaw

Due to a serious flaw in the Java secure random number generator used by many Bitcoin applications on the Android operating system, any wallets generated by Android apps are potentially vulnerable to theft. While the advisory on bitcoin.org only mentions Bitcoin, the flawed code is also used in many Android Litecoin wallets, and probably also in whatever wallets exist for the various other cryptocurrencies.

If you have an Android wallet application on your mobile device, I highly recommend that you immediately generate a new address with the appropriate official desktop client (click here for Bitcoin and and here for Litecoin) and send all of your coins there. Do not use a cryptocurrency wallet on the Android OS until you can confirm that the version you’re using has been patched to fix the vulnerability, and discard any previously-generated wallet addresses permanently.

Update 8/12: The BBC has posted an article on the issue.

Update 8/14: And the first confirmed thefts due to the bug are starting to be reported.

You can leave a response, or trackback from your own site.

Leave a Reply