The Bitcoin wallet Android application provided by blockchain.info apparently contains a flaw that creates the same wallet over and over again for different users. The issue stems from the way the random number generator provides bitcoin addresses (random public keys and their corresponding private ones), which can result in users unknowingly gaining control over a wallet that is already in use.
“In rare circumstances, certain versions of Android operating system could fail to provide sufficient entropy, and when backup provisions also failed, multiple users could end up generating duplicate addresses,” according to Blockchain’s blog.
Blockchain said one address was generated multiple times due to the bug, leading to a loss of funds for “a handful of users.”
“Though the issue occurs rarely, it might impact bitcoin addresses generated by old versions of our wallet when run on Android 4.1 ‘Jelly Bean’ or older,” the blog said.
Users should download the latest version of Blockchain from the Google Play store and update their Android OS. Users who have generated at-risk bitcoin addresses should:
1. Send the funds to new addresses, as addresses created with the latest Android app, the iOS app, or at www.blockchain.info, will not be affected by the flaw.
2. Archive potentially affected addresses to avoid accidental reuse.
The flaw apparently came about through a series of bad development choices that all failed in the worst way. Bitcoin wallets are typically created by randomly generating a public address and a related private key. It is important that the address and key are truly random, or a thief could guess the private key by looking at the public address, according to The Guardian.
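The failure mode described above, as an added Python example: it is not Blockchain's code and not a reconstruction of the app's logic. It models a key generator whose entropy source and backup both fail silently, next to one that refuses to produce a key. All function names and the `broken_source` stand-in are hypothetical.

```python
import hashlib
import os

# secp256k1 group order: a valid private key is an integer in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

class EntropyError(RuntimeError):
    """No trustworthy entropy was available, so no key was produced."""

def broken_source(nbytes):
    # Constructed stand-in for an entropy source that fails on this device.
    raise OSError("entropy source unavailable")

def keygen_silent_fallback(primary, backup):
    """Weak pattern: every failure is swallowed and a key is still returned."""
    seed = b"\x00" * 32  # predictable default, identical on every device
    for source in (primary, backup):
        try:
            seed = source(32)
            break
        except OSError:
            continue
    return int.from_bytes(hashlib.sha256(seed).digest(), "big") % (N - 1) + 1

def keygen_fail_closed(source=os.urandom):
    """Hardened pattern: if the entropy source fails, no key is generated."""
    while True:
        try:
            seed = source(32)
        except OSError as exc:
            raise EntropyError("refusing to generate a key") from exc
        if len(seed) != 32:
            raise EntropyError("short read from entropy source")
        k = int.from_bytes(seed, "big")
        if 1 <= k < N:  # rejection sampling keeps the key uniform in range
            return k

def distinct_keys(keygen, devices=5):
    """Generate one key per simulated device and count the distinct ones.
    Equal private keys mean equal public keys and equal addresses."""
    return len({keygen() for _ in range(devices)})

if __name__ == "__main__":
    weak = lambda: keygen_silent_fallback(broken_source, broken_source)
    print("silent fallback, distinct keys:", distinct_keys(weak))
    print("fail closed, distinct keys:", distinct_keys(keygen_fail_closed))
    try:
        keygen_fail_closed(broken_source)
    except EntropyError as err:
        print("fail closed with broken source:", err)
```

With both sources failing, the silent-fallback generator hands every simulated device the same key, while the fail-closed generator surfaces the error instead of issuing a wallet.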
In January 2015, Bitstamp, a Slovenian exchange service, was temporarily disrupted after a breach left its reserves $5 million lighter. The following month, Bitcoin exchange MyCoin disappeared in a puff of virtual smoke, taking with it as much as US $387 million in funds belonging to as many as 3,000 local investors. Last year, major Bitcoin exchange Mt. Gox and underground marketplace Silk Road had their operations closed and millions of customers were affected. Bitcoin founder Satoshi Nakamoto’s email had also been hijacked in 2014.