Today, we released a new version of our Android wallet in response to a recent security disclosure. In rare circumstances, certain versions of Android operating system could fail to provide sufficient entropy, and when backup provisions also failed, multiple users could end up generating duplicate addresses. To our knowledge, this bug resulted in one specific address being generated multiple times, leading to a loss of funds for a handful of users.
Though the issue occurs rarely, it might impact bitcoin addresses generated by old versions of our wallet when run on Android 4.1 “Jelly Bean” or older. Users should download the latest version of our app from the Google Play store, and update their Android OS.
Users who have generated potentially impacted bitcoin addresses are encouraged to follow these steps:
1. Send funds sitting in potentially impacted addresses to newly generated addresses. Note that addresses created with the latest Android app, the iOS app, or at www.blockchain.info will not be affected by the flaw.
2. Potentially impacted addresses should be archived to avoid accidental reuse.
If you believe that you were negatively impacted by this issue, please contact our support team: https://blockchain.zendesk.com/home
When making a scheduled software update overnight to our web-wallet, our development team inadvertently affected a part of our software that ensures private keys are generated in a strong and secure manner.
The issue was present for a brief period of time between the hours of 12:00am and 2:30am GMT on December the 8th 2014. The issue was detected quickly and immediately resolved. In total, this issue affected less than 0.0002% of our user base and was limited to a few hundred addresses.
Read more “Blockchain.info Security Disclosure”
This issue first came to our engineering team’s attention in August 2013. We took steps then to patch the vulnerability created by a small minority of users relying on old out of date Web browser versions.
Read more “Security update regarding Blockchainr”
It has come to our attention that some Blockchain users and even people who have never used our wallet service are receiving fake email notifications, which contain concealed links that direct users to sites that may attempt to capture their login information or infect their computer with malware.
Read more “Beware: Phishing Attempts”
**This issue has since been resolved. Thanks for your patience!
Read more “Having trouble using our services?”
Recent problems at the Mt.Gox bitcoin exchange appear to be the result of an implementation flaw related to a known bitcoin technical issue. The issue is that of “Transaction Malleability”, a problem in certain implementations that allows an attacker to modify a transaction in such a way as to make the same transaction appear under a different transaction ID (Tx Hash), without changing any of the internal information (sender, recipient, value etc). This issue first became known in 2011 and it does not affect correctly implemented bitcoin clients, such as the reference client (bitcoind/bitcoin-qt).
Read more “Dear Blockchain Users:”