Microsoft has published the details of an Android-native security vulnerability that exposed 30 million crypto wallet credentials to malicious actors.
The company’s Defender Security Research Team first identified the issue in April 2025 during a routine security research.
Microsoft details Android flaw affecting crypto wallets
The attack begins with the user installing malicious apps designed to bypass the Android sandbox. The latter is a security system that isolates phone apps, preventing them from “seeing” each other’s data. The app then sends a message to a vulnerable Software Development Kit (SDK), specifically version 4.5.4. An SDK is a fundamental component of every phone application, with most applications requiring several SDKs to run properly.
This corrupts all other apps that receive the message, tricking them into giving up read and write privileges for personal information within them, including crypto wallet seed phrases and addresses. This susceptibility is akin to leaving the windows open in what should be a top-security building.
How to protect your crypto wallet
Known as an “intent redirection,” the attack compromised over 50 million apps, including 30 million crypto wallets.
That said, Microsoft promptly teamed up with Google and the Android Security Team in May 2025. This led EngageLab to release the patched version – SDK 5.2.1.
The team now encourages users to swiftly update their apps and verify them using Google Play Protect. They also encourage downloading apps from the Play Store rather than as APK files from websites, since the former are subject to stricter security checks.
Even more, users who have not made any updates since mid-2025 are encouraged to move any funds they may have in their crypto wallets to new wallets with fresh seed phrases.
Related cybersecurity developments
The report is the latest regarding crypto-related Android flaws, with another involving Android chips flagged early last month.
Nonetheless, there is greater hope for industry security with the recently announced collaboration between the US Treasury and crypto firms to share cybersecurity information.
Today, @USTreasury OCCIP announced a new initiative to strengthen cybersecurity across the digital asset industry.
Eligible U.S. digital asset firms and industry organizations that meet Treasury’s criteria will be able to receive, at no cost, the same actionable cybersecurity…
— Treasury Department (@USTreasury) April 9, 2026