Bitcoin App Flaw Makes Users Share Same Wallet

The Bitcoin wallet Android application provided by blockchain.info apparently contains a flaw that creates the same wallet over and over again for different users. The issue stems in the way the random number generator provides bitcoin addresses (random publick keys and their corresponding private ones), which can can have users unknowingly gaining control over a wallet that is already in use.

“In rare circumstances, certain versions of Android operating system could fail to provide sufficient entropy, and when backup provisions also failed, multiple users could end up generating duplicate addresses,” according to Blockchain`s blog.

Blockchain said one address was generated multiple times due to the bug, leading to a loss of funds for “a handful of users.”

“Though the issue occurs rarely, it might impact bitcoin addresses generated by old versions of our wallet when run on Android 4.1 `Jelly Bean` or older,” the blog said.

Users should download the latest version of Blockchain from the Google Play store and update their Android OS. Users who have generated at-risk bitcoin addresses should: 1. Send the funds to new addresses, as addresses created with the latest Android app, the iOS app, or at www.blockchain.info, will not be affected by the flaw. 2. Archive potentially affected addresses to avoid accidental reuse.

The flaw apparently came about through a series of bad development choices that all failed in the worst way. Bitcoin wallets are typically created by randomly generating a public address and a related private key. It is important that the address and key are truly random, or a thief could guess the private key by looking at the public address, according to The Guardian.

In January 2015, Bitstamp, a Slovenian exchange service, was temporarily disrupted after a breach left its reserves $5 million lighter. The following month, Bitcoin exchange MyCoin disappeared in a puff of virtual smoke, taking with it as much as US $387 million in funds belonging to as many as 3,000 local investors. Last year, major Bitcoin exchange Mt. Gox and underground marketplace Silk Road had their operations closed and millions of customers were affected. Bitcoin founder Satoshi Nakamoto`s email had been also hijacked in 2014.