Bug hits Bitcoin for Android

13 Aug 2013

Bitcoin has said that the its Android component responsible for secure number generation contained critical weaknesses that rendered all Android wallets generated to date vulnerable to theft.

According to the company, wallet apps generated by Android, including Bitcoin Wallet, blockchain.info, BitcoinSpinner and Mycelium, could be open to attack.

With Bitcoin, a peer-to-peer digital currency, users can purchase real-world as also online goods  and services.

Bitcoin further added, secure updates for the affected applications were currently under development and called for upgradation to the latest versions available in the Google Play Store after their release.

Bitcoin called on Android Bitcoin apps users to create a new, secure address and send any money in their current wallet back to themselves.

Commentators point out that this was not the first instance of Bitcoin wallet providers having been exposed to threat. In an attack, in April this year, hackers targeted the web-based Instawallet, and stole over 35,000 bitcoins.

The Bitcoin exchange Bitfloor also came under attack last September, with 24,000 units - then the equivalent of $250,000 (£158,000) - being stolen.

In June 2011, a large number of stolen Bitcoins were dumped on the market lead to a crash in their value. This led to the  suspension of trading and eventual roll back to pre-crash rates. (See: Bitcoin to 'bounce back' following hack attack)

Commentators point out that the problem with Andorid apps, which allowed for recovery of private keys if random numbers were used twice, had been identified by a blogger as early as January.

Meanwhile, Bitcoin developers warned on Sunday that the vulnerability occured in an Android component that generated secure random numbers, in a Bitcoin.org blog post. They added, since the problem was rooted in the operating system, every Bitcoin digital wallet generated by an Android app was affected by the weakness.

"If you use an Android wallet then we strongly recommended you upgrade to the latest version available in the Play Store as soon as one becomes available," developers wrote. "Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one."

They assured availability of Wallet updates in the near future.