On Monday, June 1, news broke that one lucky Bitcoin user had suddenly received 34 BTC (around $8,000) in his or her account. While the bitcoins may have been pleasant surprise for the user, it exposed a faulty bug with the Andriod Bitcoin wallet Blockchain. It became clear that the Blockchain’s random number generator (random.org) switched to HTTPS, giving apps asking for a random number a 301 error message. In turn, Blockchain used the 301 number to create the private key corresponding to address1Bn9ReEocMG1WEW1qYjuDrdFzEFFDCq43F. This happened to be the address of the lucky Bitcoin recipient. Blockchain notes only those using Android 4.1 or older would be effected, and as such, the bug would only impact a handful of users.
The Blockchain advisory states,
In rare circumstances, certain versions of Android operating system could fail to provide sufficient entropy, and when backup provisions also failed, multiple users could end up generating duplicate addresses,” Blockchain said in its latest blog. “To our knowledge, this bug resulted in one specific address being generated multiple times, leading to a loss of funds for a handful of users.”
Blockchain responded by releasing an updated version of the wallet app on the Google Play Store and encouraging all users to move funds from the potentially effected addresses to newly generated addresses. It also encourages users to take note of the effected addresses to avoid use in the future.
Read more here, “Bitcoin App Issues Critical Update After Rare Bug Leads to Total Crypto Breakdown,” Alex Hern, The Guardian