Android Flaw Leaves 30 Million Crypto Wallets Open To Attack: Microsoft Analysts

bitcoinistPublicado a 2026-04-11Actualizado a 2026-04-11

Resumen

Microsoft analysts revealed a critical security flaw in the EngageLab SDK (v4.5.4), leaving over 30 million Android crypto wallets vulnerable to attack. The "intent redirection" vulnerability allowed a malicious app to bypass Android's sandbox and gain read/write access to a wallet's private data, including seed phrases and keys, without any user interaction. A patch (SDK 5.2.1) was released in mid-2025. Users who haven't updated their apps since then are advised to not only update but also move their funds to new wallets with fresh seed phrases, as any unpatched wallet is considered compromised. The flaw also affected over 50 million apps in total.

A patch has been available for nearly a year, but millions of Android users may still be running vulnerable crypto wallet apps — leaving their funds and private keys exposed to a known security flaw.

Microsoft’s Defender Security Research Team went public last week with details of a vulnerability it first caught in April 2025. The flaw lived inside a widely used software component called the EngageLab SDK, version 4.5.4.

Because that SDK is baked into thousands of Android apps, a single malicious app could trigger a chain reaction that reached far beyond itself.

How The Attack Works

The method is called “intent redirection.” An attacker’s app sends a specially crafted message to any app running the flawed SDK version. Once that message lands, the targeted app is tricked into handing over read and write access to its own data — including stored seed phrases and wallet addresses.

Source: Microsoft

Android’s built-in sandbox system, which normally keeps apps from seeing each other’s data, was bypassed entirely. According to Microsoft, the attack affected more than 50 million apps across the Android ecosystem, with roughly 30 million of those being crypto wallets.

The vulnerability did not require the user to do anything wrong. No suspicious links. No phishing pages. Just having the wrong apps installed at the same time was enough.

Source: Microsoft

Response From Microsoft And Google

Microsoft moved quickly after its discovery. By May 2025, the company had brought Google and the Android Security Team into the response. EngageLab released a fixed version — SDK 5.2.1 — shortly after.

Reports indicate that both Microsoft and Google have since directed users on how to verify whether their wallet apps have been updated through Google Play Protect.

BTCUSD trading at $72,906 on the 24-hour chart: TradingView

Officials also pointed to a broader concern: apps installed as APK files from outside the Play Store are at higher risk, since they bypass the security checks that Google applies to apps listed in its official marketplace.

What Users Should Do Now

For most users who update their apps regularly, the risk has likely passed. But for anyone who has not updated since mid-2025, the recommended action goes beyond a simple app refresh.

Security teams are advising those users to move their funds into entirely new wallets, generated with fresh seed phrases. Any wallet that was active and unpatched during the exposure window should be treated as potentially compromised.

The disclosure comes alongside a separate Android chip vulnerability flagged the previous month and a new US Treasury initiative that pairs government agencies with crypto firms to share cybersecurity threat information — a sign that mobile security in the crypto space is drawing attention at the highest levels.

Featured image from Bleeping Computer, chart from TradingView

Preguntas relacionadas

QWhat is the name of the vulnerable software component and which version was affected?

AThe vulnerable software component is the EngageLab SDK, specifically version 4.5.4.

QWhat is the attack method called and how does it work?

AThe attack method is called 'intent redirection.' A malicious app sends a specially crafted message to an app running the flawed SDK, tricking it into granting read and write access to its own data, including seed phrases and wallet addresses.

QHow many crypto wallet apps were estimated to be affected by this vulnerability?

ARoughly 30 million crypto wallet apps were estimated to be affected.

QWhat is the primary action recommended for users who had an unpatched wallet app?

AUsers are advised to move their funds into entirely new wallets generated with fresh seed phrases, as the old wallet should be treated as potentially compromised.

QWhich two major companies collaborated on the response to this vulnerability after its discovery?

AMicrosoft and Google (specifically the Android Security Team) collaborated on the response.

Lecturas Relacionadas

Ripple’s Move To Privacy: How A Re-organization Of The XRP Ledger Will Affect The Network

Ripple's former CTO David Schwartz discussed how the XRP Ledger (XRPL) could respond to potential state-level attacks. While acknowledging that authoritarian regimes could cause temporary disruptions by targeting the validator network, Schwartz argued that long-term control is unlikely due to the network's decentralized structure, where Ripple-run validators comprise less than 20%. The network's resilience hinges on its ability to replace compromised validators. For sustained threats, Schwartz proposed a theoretical two-layer consensus reorganization. An inner layer of validators would handle daily operations, while an outer layer would manage changes to the validator set. This outer layer could operate more discreetly and infrequently, potentially using anonymizing services like Tor, making it harder to target. The core point is that the XRPL community could adapt its structure to maintain operations even under significant external pressure.

bitcoinistHace 1 hora(s)

Ripple’s Move To Privacy: How A Re-organization Of The XRP Ledger Will Affect The Network

bitcoinistHace 1 hora(s)

NYDIG Says $1.3 Billion IBIT Trade Reveals Urgent Bitcoin ETF Exit

A $1.26 billion off-exchange sale of BlackRock's spot Bitcoin ETF, IBIT, on May 26 is believed by NYDIG to be a large directional holder making an urgent exit rather than a basis-trade unwind. The seller accepted a $29.5 million discount (2.3% below market price) to execute the block trade of 29.21 million shares immediately, prioritizing speed and certainty. NYDIG's analysis points to a concentrated Bitcoin-linked position liquidation, citing the trade's size, price concession, and absence of corresponding CME futures activity typical of a basis trade unwind. The trade occurred amidst a backdrop of net outflows from spot Bitcoin ETFs and a deteriorating technical setup for Bitcoin, which had failed to break through key resistance. The transaction was executed under specific conditions allowing for a privately negotiated block sale. Despite IBIT reporting net redemptions around the same dates, NYDIG cautions that these figures do not directly measure the block trade's impact. The seller's identity and exact motivation remain unclear, but the event demonstrates a sophisticated investor's willingness to pay a significant premium for a rapid exit.

bitcoinistHace 2 hora(s)

NYDIG Says $1.3 Billion IBIT Trade Reveals Urgent Bitcoin ETF Exit

bitcoinistHace 2 hora(s)

Fidelity Mid-Year Review: 6 Key Digital Asset Trends for 2026

Fidelity Digital Assets' mid-year review assesses progress on six key digital asset trends for 2026 outlined in their annual outlook. The integration of digital assets with traditional capital markets is accelerating, evidenced by strong institutional demand for products like Bitcoin ETP options and increased tokenization activity. Regulatory clarity is also improving. Token holder rights are gaining focus through mechanisms like buybacks and governance changes, though a clear market premium for these features hasn't materialized. AI's rising compute demand appears to be impacting Bitcoin mining, with hash rate growth slowing as miners potentially reallocate resources. Bitcoin's network development is on track, with increased data capacity not straining the blockchain, while attention shifts to node dynamics and long-term quantum security upgrades. Market-wise, bearish forces have dominated in the short term due to macro pressures, yet underlying structural positives like institutional adoption remain. Finally, gold's strength, supported by central bank demand and de-dollarization trends, aligns with expectations, though anticipated outperformance by Bitcoin relative to gold has not yet occurred. Overall, the landscape shows foundational, long-term trends progressing beneath near-term market volatility.

marsbitHace 4 hora(s)

Fidelity Mid-Year Review: 6 Key Digital Asset Trends for 2026

Fidelity Digital Assets' mid-year review assesses progress against its 2026 outlook, highlighting six key trends. The integration of digital assets with traditional capital markets is accelerating, with growing institutional product adoption and clearer U.S. regulatory guidance. Token holder rights mechanisms are being tested but have yet to command a clear market premium. Competition from AI compute demand is potentially slowing Bitcoin mining hash rate growth, indicating a structural shift. Bitcoin's network faces low risk from increased data capacity but shows signs of potential minor consensus divergence with the rise of Knots nodes, while quantum security upgrades gain focus. Market dynamics have leaned bearish due to macro pressures, though Bitcoin's resilience in crises suggests underlying strength. Gold has performed strongly, supported by central bank buying and de-dollarization trends, though its anticipated positive correlation with Bitcoin hasn't yet materialized. Overall, beneath short-term volatility, foundational trends for long-term digital asset maturation are advancing.

链捕手Hace 4 hora(s)

The Midlife Crisis of Crypto GPs: No PMF, No Next Check from LPs

The article "The Midlife Crisis of Crypto GPs: No PMF, No Next LP Check" analyzes the shifting crypto fundraising landscape. It argues the era of selling grand visions to LPs is over; GPs must now offer products with clear Product-Market Fit (PMF). The author categorizes crypto fundraising products into three types: Primary (VC funds), Liquid (trading strategies), and CeFi/DeFi Native Yield. This summary focuses on the Primary market. Key points include: * **Market Shift:** LPs are impatient, demand immediate returns, and are skeptical of future promises. The "easy money" narrative has faded. * **GP Value Erosion:** LP learning curves have shortened (aided by AI), reducing the value of a GP's basic "crypto knowledge." Superior judgment is now rare. * **Weakened LP Motivations:** Traditional reasons for LPs to invest in crypto VC funds (capturing industry beta, gaining access, leveraging GP judgment) have weakened due to new products like ETFs and increased LP sophistication. * **Surviving in Primary:** The primary market will likely persist for: 1) large funds in endowment mandates treating it as a lottery ticket, 2) family offices/HNWIs using proprietary capital, 3) a few funds with proven recent outperformance, and 4) funds with strong ecosystem "deal-making" capabilities. * **Conclusion:** For most GPs, rebuilding trust requires starting over in a niche, demonstrating alpha-generating ability, or providing concrete value/services to LPs.

marsbitHace 5 hora(s)

The Midlife Crisis of Crypto GPs: No PMF, No Next Check from LPs

marsbitHace 5 hora(s)

Trading

Spot

Futuros