Categories: Payment system news

Android Flaw Leaves 30 Million Crypto Wallets Open To Attack: Microsoft Analysts

A patch has been available for nearly a year, but millions of Android users may still be running vulnerable crypto wallet apps — leaving their funds and private keys exposed to a known security flaw.

Microsoft’s Defender Security Research Team went public last week with details of a vulnerability it first caught in April 2025. The flaw lived inside a widely used software component called the EngageLab SDK, version 4.5.4.

Because that SDK is baked into thousands of Android apps, a single malicious app could trigger a chain reaction that reached far beyond itself.

How The Attack Works

The method is called “intent redirection.” An attacker’s app sends a specially crafted message to any app running the flawed SDK version. Once that message lands, the targeted app is tricked into handing over read and write access to its own data — including stored seed phrases and wallet addresses.

Android’s built-in sandbox system, which normally keeps apps from seeing each other’s data, was bypassed entirely. According to Microsoft, the attack affected more than 50 million apps across the Android ecosystem, with roughly 30 million of those being crypto wallets.

The vulnerability did not require the user to do anything wrong. No suspicious links. No phishing pages. Just having the wrong apps installed at the same time was enough.

Response From Microsoft And Google

Microsoft moved quickly after its discovery. By May 2025, the company had brought Google and the Android Security Team into the response. EngageLab released a fixed version — SDK 5.2.1 — shortly after.

Reports indicate that both Microsoft and Google have since directed users on how to verify whether their wallet apps have been updated through Google Play Protect.

Officials also pointed to a broader concern: apps installed as APK files from outside the Play Store are at higher risk, since they bypass the security checks that Google applies to apps listed in its official marketplace.

What Users Should Do Now

For most users who update their apps regularly, the risk has likely passed. But for anyone who has not updated since mid-2025, the recommended action goes beyond a simple app refresh.

Security teams are advising those users to move their funds into entirely new wallets, generated with fresh seed phrases. Any wallet that was active and unpatched during the exposure window should be treated as potentially compromised.

The disclosure comes alongside a separate Android chip vulnerability flagged the previous month and a new US Treasury initiative that pairs government agencies with crypto firms to share cybersecurity threat information — a sign that mobile security in the crypto space is drawing attention at the highest levels.

Featured image from Bleeping Computer, chart from TradingView

superadmin

Recent Posts

Memecoins Abandoned: Holders at All-Time Low as Dominance Drops to 3.7%

The memecoin economy is under considerable stress amid a major downturn in the larger cryptocurrency…

3 hours ago

‪Is Solana Gearing Up To Flip XRP? Fresh Market Data Tells An Interesting Story

Speculation is mounting in the crypto community over whether Solana (SOL) has the momentum to…

3 hours ago

XRP Network Activity Skyrockets As Daily Active Addresses Jump 72% in Two Weeks

XRP remained largely range-bound on Saturday despite high market liquidity, failing to establish a clear…

1 day ago

Strategy CEO Compares Firm to Amazon and Tesla, Says Crises Define Great Companies

Strategy CEO Phong Le believes that periods of turmoil, rather than bull markets, are what…

1 day ago

Bitcoin Enters Final Selling Phase, Here’s What Might Happen Next

Bitcoin appears to be entering the final stages of its recent downtrend, according to market…

1 day ago

RippleX Engineer Reveals XRP Ledger’s Push Toward a Quantum-Safe Future & Booming AI Economy

The race to secure blockchain networks for the next generation of computing is already underway,…

1 day ago