Android bug batters Bitcoin wallets

Users of Android Bitcoin apps have woken to the unpleasant news that an old pseudo-random number generation bug has been exploited to steal balances from users' wallets. The Bitcoin Foundation's announcement merely states that an unspecified component of Android “responsible for generating secure random numbers contains …


  1. LarsG

    Has it been used to steal Bitcoin balances or is this a vulnerability and possibility?

    1. 6loss

      Looks like this is out there in the wild, and probably fairly scriptable I'd guess. See for claims of around 55 BTC being stolen so far.

  2. Cliff

    virtual risks

    Interesting that this class of risk is far heavier for distributed and noncentralised currencies than even Visa and Mastercard ones where transactions can be reversed. I guess you have to really trust whoever wrote your wallet app, mind you they would only be able to steal some numbers...

    1. d3rrial

      Re: virtual risks

      Some numbers that are currently worth $104 per BTC

      1. Cliff

        Re: virtual risks

        ^^^ Yes indeed, to other number collectors. Worth fuckall to most people.

  3. Anonymous Coward

    I was the one who flagged the vulnerability in SecureRandom to Mike Hearn in private before someone figured out that it caused a k collision (due to a post that I placed in the Bitcoin Forums) and he was forced to go public with it all this weekend. You may ask him.

  4. Anonymous Coward

    Use the camera to generate a seed.

    1. Michael Shelby

      I wouldn't use the camera, but a phone has many sources for entropy, including some (accelerometer, touch screen, antennae, etc.) not found on a desktop or laptop. Kind of shocked that a function called SecureRandom is actually neither.

    2. Robert Helpmann??

      Who's Johnny?

      Use the camera to generate a seed.

      Is that William Gibson?

