Microsoft has published details of an Android security flaw that exposed 30 million crypto wallet credentials to malicious players.
The company’s Defender Security Research Team discovered the problem in April 2025 during a security investigation.
Microsoft explains Android bug affecting crypto wallets
The attack starts with the user installing malicious software designed to bypass the Android sandbox. The latter is a security feature that separates phone apps, preventing them from “seeing” each other’s data. This app sends information to the Software Development Kit (SDK), specifically version 4.5.4. An SDK is an essential part of any mobile application, and many applications require multiple SDKs to run smoothly.
This infects all other programs that receive the message, tricking them into reading and writing access to personal information inside, including passwords and crypto wallet addresses. This risk is equivalent to leaving the windows open in what should be a high security building.
How to secure your crypto wallet
It is known as “the goal of control,” the attack it compromised more than 50 million apps, including 30 million crypto wallets.
That said, Microsoft immediately contacted Google and the Android Security Team in May 2025. This prompted EngageLab to release a patched version – SDK 5.2.1.
The group is now encouraging users to quickly update their apps and verify them using Google Play Protect. They also recommend downloading apps from the Play Store rather than as APK files from websites, as the former are subject to stricter controls.
In addition, users who have not changed anything since mid-2025 are encouraged to move any money they may have in their crypto wallets to new wallets with new words.
This report is the latest in crypto-related Android bugs, and another one about Android chips known early last month.
However, there is great hope for corporate security with the recently announced partnership between the US Treasury and crypto companies to share cyber security information.
Trust CoinPedia:
CoinPedia has been providing accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our team of expert researchers and journalists, following strict Editorial guidelines based on EEAT (Effectiveness, Expertise, Validity, Trustworthiness). Each article is checked against the standard to ensure accuracy, transparency, and reliability. Our review policy ensures an unbiased review when we develop exchanges, platforms, or tools. We strive to provide timely updates on everything crypto & blockchain, from startups to industry executives.
Investment Disclaimer:
All opinions and information shared represent the author’s opinion on market conditions. Please do your own research before making any financial decisions. Neither the author nor the publisher is responsible for your financial decisions.
Offers and Promotions:
Sponsored content and affiliate links can be viewed on our website. Advertisements are clearly identifiable, and our content is not independent of our advertisers.
