Microsoft recently disclosed a critical Android security flaw that exposed 30 million crypto wallet credentials to potential threats.
The vulnerability was initially identified by Microsoft’s Defender Security Research Team in April 2025 during routine security research.
Microsoft details Android flaw affecting crypto wallets
The exploit begins with the installation of malicious apps that can bypass the Android sandbox, a security feature that isolates apps from accessing each other’s data. These apps then send a message to a vulnerable Software Development Kit (SDK), particularly version 4.5.4. SDKs are essential components of phone applications, with several SDKs required for most apps to function correctly.
This malicious activity compromises other apps that receive the message, tricking them into granting access to personal information, including crypto wallet seed phrases and addresses. This vulnerability is akin to leaving the windows open in a high-security building.
How to protect your crypto wallet
Referred to as “intent redirection,” the attack impacted over 50 million apps, including 30 million crypto wallets.
Following the discovery, Microsoft collaborated with Google and the Android Security Team in May 2025 to release a patched version – SDK 5.2.1.
Users are advised to promptly update their apps and verify them using Google Play Protect. It is also recommended to download apps from the Play Store rather than from third-party websites as the former undergo stricter security checks.
Furthermore, users who have not updated their apps since mid-2025 are urged to transfer any funds from their crypto wallets to new wallets with fresh seed phrases.
This incident is the latest in a series of Android vulnerabilities related to cryptocurrencies, with a previous issue involving Android chips reported last month.
The collaboration between the US Treasury and crypto firms to exchange cybersecurity information offers hope for enhanced industry security.
Trust with CoinPedia:
CoinPedia has been delivering accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our expert panel of analysts and journalists, following strict Editorial Guidelines based on E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). Every article is fact-checked against reputable sources to ensure accuracy, transparency, and reliability. Our review policy guarantees unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely updates about everything crypto & blockchain, right from startups to industry majors.
Investment Disclaimer:
All opinions and insights shared represent the author’s own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.
Sponsored and Advertisements:
Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.