Tag Archives: wallet

Android Bitcoin & Litecoin wallets potentially vulnerable to theft due to coding flaw

Due to a serious flaw in the Java secure random number generator used by many Bitcoin applications on the Android operating system, any wallets generated by Android apps are potentially vulnerable to theft. While the advisory on bitcoin.org only mentions Bitcoin, the flawed code is also used in many Android Litecoin wallets, and probably also in whatever wallets exist for the various other cryptocurrencies.

If you have an Android wallet application on your mobile device, I highly recommend that you immediately generate a new address with the appropriate official desktop client (click here for Bitcoin and and here for Litecoin) and send all of your coins there. Do not use a cryptocurrency wallet on the Android OS until you can confirm that the version you’re using has been patched to fix the vulnerability, and discard any previously-generated wallet addresses permanently.

Update 8/12: The BBC has posted an article on the issue.

Update 8/14: And the first confirmed thefts due to the bug are starting to be reported.

Guide: Cryptocurrency Wallet Security

Litecoin walletSo you’ve built your own mining rig, you’ve mastered the art of trading for profit on the cryptocurrency exchanges, but you haven’t given much thought to securing your digital fortune against theft and accidental loss? Don’t worry, you’re not alone. Wallet security isn’t exactly a glamorous topic. In fact, many of you might even assume that you don’t need your own wallet at allafter all, mining pools and currency exchanges are more than happy to hold your money for you, right?

Letting somebody else control your money is a mistake that will likely end up costing you at some point. That mining pool operator that you assume is trustworthy could very well be a teenager halfway around the world that has no problem stealing your coins. The various digital currency exchanges are unregulated, not necessarily secure, and a daily target for hackersgood luck getting your money back when one is breached or goes belly up.

Since it’s still basically the Wild West when it comes to cryptocurrencies, the only way to ensure that your digital wallet can’t be stolen or lost is to secure it yourself. Thankfully, this isn’t all that difficult if you follow a few basic rules. Read on for the guide.

Nearly half of Bitcoin exchanges fail

A recent Wired UK study concluded that a whopping 45% of Bitcoin exchanges have failed, usually resulting in the loss of users’ deposits. Exchanges that manage to stick around are typically under constant attack from hackers looking to commit virtual heists. From the article:

Exchanges handling 275 Bitcoins’ worth of transactions each day have a 20 percent chance of being breached, compared to a 70 percent chance for exchanges processing daily transactions worth 5570 Bitcoins. [The researchers] estimate that the median lifespan of any Bitcoin exchange is 381 days, with a 29.9 percent chance that a new exchange will close within a year of opening.

Let this be a warning to anyone holding non-trivial amounts of digital currency: don’t treat exchanges like banks! Keep the majority of your bitcoins (and other altcoins) in local encrypted wallet files, preferably stored offline in multiple locations (USB sticks are great for this).