Bitcoin wallets created on Android devices at risk of theft

BitcoinA critical security vulnerability has been discovered in Android Bitcoin wallet apps that could leave users “vulnerable to theft”.

According to an official blog post at, popular affected apps include – but are not limited to – Bitcoin Wallet,, Bitcoin Spinner, and Mycelium Wallet.

Bitcoin, for those who aren’t familiar with it, is a virtual digital currency (meaning it doesn’t exist physically in the real world, but can be used to purchase items online) that relies upon cryptography.

The problem appears to lie in a weakness in the way that Android phones and tablets generate the random numbers required for private keys, meaning that the key could be recoverable by someone else.

Sign up to our free newsletter.
Security news, advice, and tips.

And if someone else can work out the private key to your Bitcoin wallet, that’s rather like knowing the PIN code for your bank account.


Affected users are being advised to keep a keen eye open for updates to their Android Bitcoin apps:

“If you use an Android wallet then we strongly recommend you to upgrade to the latest version available in the Play Store as soon as one becomes available. Once your wallet is rotated, you will need to contact anyone who has stored addresses generated by your phone and give them a new one.”

There are already reports that Bitcoins may have been stolen from compromised addresses.

Imagine if a weakness like this were found impacting those of us who use traditional real-life banks…

For further information, read the official blog post at and follow the discussions online.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.