Shoddy crypto is being blamed for the loss of Bitcoin for an unspecified number of Blockchain users.
Blockchain, one of the busiest Bitcoin wallets, on Thursday released a security update for its Android app correcting the situation.
“In rare circumstances, certain versions of [the] Android operating system could fail to provide sufficient entropy, and when backup provisions also failed, multiple users could end up generating duplicate addresses,” wrote Blockchain communications manager Alyson Margaret. “To our knowledge, this bug resulted in one specific address being generated multiple times, leading to a loss of funds for a handful of users.”
The Blockchain advisory said the issue may be limited to Bitcoin addresses generated by versions of the wallet running on the Jelly Bean version of Android, version 4.1. Users are urged to download the latest version of the Blockchain app for Android from Google Play.
A thread on the Bitcoin subreddit pins the blame on vulnerabilities in the Blockchain pseudorandom number generator (PRNG) called RandomOrgGenerator.
The author, whose handle is murbul, said that Blockchain uses a LinuxSecureRandom class that seeds its random number generator with data from random.org, which is XORed with the device's own entropy to produce a random number. When that local entropy source failed, as with older versions of Android, the wallet relied solely on the random.org data, the post said.
Don't rely on software OS random number generators, ever. Especially when money is on the line. http://t.co/9ZLmH0UbiU
— Matthew Green (@matthew_d_green) May 29, 2015
Topping that off, the web service calls to random.org were made over HTTP; however, as of Jan. 4, random.org enforced HTTPS only.
“So since that date, the entropy has actually been the error message (turned into bytes) instead of the expected 256-bit number,” the post says. “Using that seed, SecureRandom will generate the private key for address 1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F 100% of the time. Ouch. This is around the time that address first appears, so the timeline matches.”
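As an added illustration (not the wallet's code or the Reddit post's), the two seeding policies side by side in Python: a flawed one that degrades to the HTTP body alone when local entropy is missing, and a hardened one that validates the remote value as a 256-bit hex number and fails closed. The response bodies, the hex format of the remote value and the key derivation are constructed assumptions.

```python
import hashlib
import re
from typing import Optional

# Constructed sample bodies standing in for what the wallet's HTTP call to random.org
# might have received; neither is captured traffic.
GOOD_RESPONSE = b"a3" * 32                                    # a 256-bit number as 64 hex chars
ERROR_RESPONSE = b"Error: this service is only available over HTTPS\n"  # an HTTP error body
HEX256 = re.compile(rb"[0-9a-fA-F]{64}")


class EntropyError(Exception):
    """Raised when a seed cannot be built from trustworthy entropy."""

def derive_private_key(seed: bytes) -> str:
    """Stand-in for a SecureRandom seeded with `seed`: output is a pure function of the seed."""
    return hashlib.sha256(b"wallet-private-key" + seed).hexdigest()

def flawed_seed(remote_body: bytes, os_entropy: Optional[bytes]) -> bytes:
    """Mirrors the bug described above: the HTTP body is 'turned into bytes' and XORed
    with OS entropy; when the OS provides none, the remote bytes alone become the seed."""
    remote = hashlib.sha256(remote_body).digest()
    if not os_entropy:                  # backup provision failed (older Android)
        return remote                   # constant body -> constant seed -> same key everywhere
    return bytes(r ^ o for r, o in zip(remote, os_entropy))

def hardened_seed(remote_body: bytes, os_entropy: Optional[bytes]) -> bytes:
    """Validate the remote value and fail closed instead of degrading to one source."""
    body = remote_body.strip()
    if not HEX256.fullmatch(body):
        raise EntropyError(f"remote entropy is not a 256-bit hex value: {body[:32]!r}")
    if os_entropy is None or len(os_entropy) < 32:
        raise EntropyError("OS entropy unavailable; refusing to generate a key")
    # Hash-combine both sources: the remote value can add entropy but never replace the local source.
    return hashlib.sha256(bytes.fromhex(body.decode()) + os_entropy).digest()

def same_key_on_two_devices(seed_fn, body: bytes, entropy_a: Optional[bytes],
                            entropy_b: Optional[bytes]) -> bool:
    """Do two devices that saw the same HTTP body derive the same private key?"""
    return derive_private_key(seed_fn(body, entropy_a)) == derive_private_key(seed_fn(body, entropy_b))

def seed_rejected(seed_fn, body: bytes, os_entropy: Optional[bytes]) -> bool:
    """True if seed_fn refuses to build a seed from these inputs."""
    try:
        seed_fn(body, os_entropy)
    except EntropyError:
        return True
    return False
```

With the flawed policy, every device whose OS entropy failed after the HTTPS switch derives the same key from the same error body; the hardened policy rejects both the non-numeric body and the missing local entropy.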
Too much pseudo, too little random. PRNG issue leads to Bitcoin theft http://t.co/HyXGBto98i (HT @el33th4xor)
— Martijn Grooten (@martijn_grooten) May 29, 2015
The good news is that likely only a fairly small number of devices, those running Android 4.1 or older with Blockchain installed on the same device, are affected.
Blockchain said affected users should send their Bitcoin to a new address generated by the new version of the Android app running on an up-to-date version of the OS. It also suggests archiving affected wallet addresses to avoid reusing them.