Today, we released a new version of our Android wallet in response to a recent security disclosure. In rare circumstances, certain versions of Android operating system could fail to provide sufficient entropy, and when backup provisions also failed, multiple users could end up generating duplicate addresses. To our knowledge, this bug resulted in one specific address being generated multiple times, leading to a loss of funds for a handful of users.
Though the issue occurs rarely, it might impact bitcoin addresses generated by old versions of our wallet when run on Android 4.1 “Jelly Bean” or older. Users should download the latest version of our app from the Google Play store, and update their Android OS.
Users who have generated potentially impacted bitcoin addresses are encouraged to follow these steps:
1. Send funds sitting in potentially impacted addresses to newly generated addresses. Note that addresses created with the latest Android app, the iOS app, or at www.blockchain.info will not be affected by the flaw.
2. Potentially impacted addresses should be archived to avoid accidental reuse.
If you believe that you were negatively impacted by this issue, please contact our support team: https://blockchain.zendesk.com/home