
Android Flaw Leaves 30 Million Crypto Wallets Open To Attack: Microsoft Analysts

A patch has been out there for practically 12 months, but hundreds of thousands of Android users could still be running vulnerable crypto wallet apps, leaving their funds and private keys exposed to a known security flaw.

Microsoft’s Defender Security Research Team went public last week with details of a vulnerability it first caught in April 2025. The flaw lived inside a widely used software component called the EngageLab SDK, version 4.5.4.

Because that SDK is baked into thousands of Android apps, a single malicious app could set off a chain reaction that reached far beyond itself.

How The Attack Works

The method is called “intent redirection.” An attacker’s app sends a specially crafted message to any app running the flawed SDK version. Once that message lands, the targeted app is tricked into handing over read and write access to its private data, including saved seed phrases and wallet addresses.

Android’s built-in sandbox system, which normally keeps apps from seeing one another’s data, was bypassed entirely. According to Microsoft, the attack affected more than 50 million apps across the Android ecosystem, with roughly 30 million of those being crypto wallets.

The vulnerability didn’t require the user to do anything wrong. No suspicious links. No phishing pages. Just having the wrong apps installed at the same time was enough.
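The general shape of an intent redirection bug and one hardened form of it, as an added illustration that is not EngageLab SDK code or code from the Microsoft report. The class name, the extra key and the allowlisted target are hypothetical; the activity is assumed to be exported.

```java
import android.app.Activity;
import android.content.ComponentName;
import android.content.Intent;
import android.os.Bundle;
import android.os.Parcelable;

// Hypothetical exported activity that forwards an intent nested in its extras.
public class ForwardingActivity extends Activity {
    private static final String EXTRA_NEXT = "next_intent";            // hypothetical key
    private static final String ALLOWED_CLASS = "com.example.wallet.HelpActivity"; // hypothetical
    private static final int GRANT_FLAGS =
            Intent.FLAG_GRANT_READ_URI_PERMISSION
          | Intent.FLAG_GRANT_WRITE_URI_PERMISSION
          | Intent.FLAG_GRANT_PERSISTABLE_URI_PERMISSION
          | Intent.FLAG_GRANT_PREFIX_URI_PERMISSION;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Parcelable extra = getIntent().getParcelableExtra(EXTRA_NEXT);
        // Vulnerable form: startActivity((Intent) extra);
        // The caller-supplied intent would run with this app's identity.
        if (extra instanceof Intent) {
            Intent safe = sanitize((Intent) extra);
            if (safe != null) {
                startActivity(safe);
            }
        }
        finish();
    }

    /** Returns a copy that is safe to launch, or null if the nested intent is dropped. */
    private Intent sanitize(Intent untrusted) {
        // 1. Refuse any request to grant URI read/write access to this app's data.
        if ((untrusted.getFlags() & GRANT_FLAGS) != 0) {
            return null;
        }
        // 2. Allow only one known target; never an arbitrary or private component.
        ComponentName target = untrusted.resolveActivity(getPackageManager());
        if (target == null
                || !getPackageName().equals(target.getPackageName())
                || !ALLOWED_CLASS.equals(target.getClassName())) {
            return null;
        }
        // 3. Pin the checked component so resolution cannot differ at launch.
        Intent safe = new Intent(untrusted);
        safe.setComponent(target);
        return safe;
    }
}
```

Where the forwarding component has no need to receive intents from other apps, marking it as not exported in the manifest removes the entry point altogether.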

Response From Microsoft And Google

Microsoft moved quickly after its discovery. By May 2025, the company had brought Google and the Android Security Team into the response. EngageLab released a fixed version, SDK 5.2.1, shortly after.

Reports indicate that both Microsoft and Google have since directed users on how to verify whether their wallet apps have been updated through Google Play Protect.

Officials also pointed to a broader concern: apps installed as APK files from outside the Play Store are at greater risk, since they bypass the security checks that Google applies to apps listed in its official marketplace.

What Users Should Do Now

For most users who update their apps regularly, the threat has likely passed. But for anyone who has not updated since mid-2025, the recommended action goes beyond a simple app refresh.

Security teams are advising those users to move their funds into entirely new wallets, generated with fresh seed phrases. Any wallet that was active and unpatched during the exposure window should be treated as potentially compromised.

The disclosure comes alongside a separate Android chip vulnerability flagged the previous month and a new US Treasury initiative that pairs government agencies with crypto companies to share cybersecurity threat information, a sign that mobile security in the crypto space is drawing attention at the highest levels.

Featured image from Bleeping Computer, chart from TradingView
