The Bitcoin Foundation said Sunday that a security flaw in the Android mobile OS leaves Bitcoin wallets vulnerable to theft. The Bitcoin Foundation said any wallet app that relies on Android to generate a random number key, including Bitcoin Wallet, Blockchain, BitcoinSpinner and Mycelium Wallet, is at risk. Some Bitcoin users estimated that the equivalent of thousands of dollars in Bitcoin has already been stolen.
Bitcoin apps from Coinbase or Mt Gox are not impacted by the flaw because the private keys are not generated on the Android phone.
Updates are available for Bitcoin Wallet and Mycelium Wallet at the Google Play store, and a Bitcoin update for Blockchain is in development. BitcoinSpinner users are encouraged to start using Mycelium Wallet, which was developed by the same team.
To protect their wallets, Bitcoin users are instructed to update their apps immediately and generate a new address with a repaired number generator and send all of the Bitcoins back to themselves after they update to the latest version of the wallet app. Users are also advised to contact anyone they conduct Bitcoin transactions with and give them the new, secure address.
The Bitcoin Foundation was founded in 2012 in response to the massive expansion of the Bitcoin economy. According to its website, “the Bitcoin Foundation was created in an effort to standardize, protect and promote Bitcoin.”
At the time of writing, one Bitcoin is worth about $105 on the Mt Gox Bitcoin exchange.
The New York Department of Financial Services launched a probe Monday into about two dozen financial firms associated with Bitcoin. The regulators are concerned that Bitcoin is violating consumer protection laws and being used for money laundering and investment strategies. New York is considering legislation aimed at regulating Bitcoin.