
Bitcoin App Flaw Makes Users Share Same Wallet

The Bitcoin wallet Android application provided by blockchain.info apparently contains a flaw that creates the same wallet over and over again for different users. The issue stems from the way the random number generator produces bitcoin addresses (random public keys and their corresponding private ones), which can leave users unknowingly gaining control over a wallet that is already in use.


“In rare circumstances, certain versions of Android operating system could fail to provide sufficient entropy, and when backup provisions also failed, multiple users could end up generating duplicate addresses,” according to Blockchain’s blog.

Blockchain said one address was generated multiple times due to the bug, leading to a loss of funds for “a handful of users.”

“Though the issue occurs rarely, it might impact bitcoin addresses generated by old versions of our wallet when run on Android 4.1 ‘Jelly Bean’ or older,” the blog said.

Users should download the latest version of Blockchain from the Google Play store and update their Android OS. Users who have generated at-risk bitcoin addresses should:

1. Send the funds to new addresses, as addresses created with the latest Android app, the iOS app, or at www.blockchain.info, will not be affected by the flaw.
2. Archive potentially affected addresses to avoid accidental reuse.

The flaw apparently came about through a series of bad development choices that all failed in the worst way. Bitcoin wallets are typically created by randomly generating a public address and a related private key. It is important that the address and key are truly random, or a thief could guess the private key by looking at the public address, according to The Guardian.
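The failure mode described above (an entropy source that fails, then a backup that also fails) can be modelled in a few lines. This is an added example, not Blockchain's code or anything from the original article; the function names and the simulated failing sources are assumptions made for illustration. It contrasts a generator that silently falls back with one that fails closed.

```python
import hashlib
import os

# secp256k1 group order: a valid Bitcoin private key is an integer in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

class EntropyError(Exception):
    """Raised when no trustworthy randomness is available."""

def broken_os_source(n):
    # Constructed stand-in for a platform RNG that cannot deliver entropy.
    raise OSError("entropy source unavailable")

def broken_backup(n):
    # Constructed stand-in for a backup provision that also failed:
    # it hands back the same bytes on every device.
    return bytes(n)

def unsafe_private_key(os_source, backup):
    """Weak pattern: fall back silently and never validate the result."""
    try:
        seed = os_source(32)
    except OSError:
        seed = backup(32)
    # Hashing makes the key look random but adds no entropy.
    return hashlib.sha256(seed).digest()

def safe_private_key(os_source=os.urandom):
    """Fail closed: no fallback, reject degenerate output, retry out-of-range keys."""
    for _ in range(8):
        try:
            seed = os_source(32)
        except OSError as exc:
            raise EntropyError("refusing to generate a key") from exc
        # Crude sanity check: catches constant output, does not prove randomness.
        if len(seed) != 32 or len(set(seed)) < 8:
            raise EntropyError("entropy source returned degenerate output")
        if 1 <= int.from_bytes(seed, "big") < N:
            return seed
    raise EntropyError("no valid key after 8 attempts")

def simulate_devices(count):
    """One key per simulated device, all using the weak pattern."""
    return [unsafe_private_key(broken_os_source, broken_backup) for _ in range(count)]
```

Every key returned by `simulate_devices` is identical, which is the duplicate-address condition the article describes; `safe_private_key` raises instead of issuing a key in the same circumstances.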

In January 2015, Bitstamp, a Slovenian exchange service, was temporarily disrupted after a breach left its reserves $5 million lighter. The following month, Bitcoin exchange MyCoin disappeared in a puff of virtual smoke, taking with it as much as US $387 million in funds belonging to as many as 3,000 local investors. Last year, major Bitcoin exchange Mt. Gox and underground marketplace Silk Road had their operations closed and millions of customers were affected. Bitcoin founder Satoshi Nakamoto’s email had also been hijacked in 2014.

About the author

Răzvan MUREȘAN

A former business journalist, Razvan is passionate about helping SMEs build communities and exchange knowledge on entrepreneurship. He enjoys taking innovative approaches to hot topics and thinks that the massive amount of information that attacks us on a daily basis via TV and internet makes us less informed than we think. The lack of relevance is the main issue in today's environment, so he plans to emphasize real news on hotforsecurity.com.

2 Comments

  • Bitcoin’s Vulnerabilities are Showing??? What does a programming mistake, my friend, which kept the wallet made by blockchain.info from getting a random number, have to do with the bitcoin technology itself?