Massive Android Vulnerability Left Millions Of Crypto Wallets Exposed to Hackers
News By Alex Dovbnya Thu, 9/04/2026 - 20:34 A severe "intent redirection" vulnerability within the popular EngageLab software development kit (SDK) temporarily left more than 30 million Android cryptocurrency wallets exposed to potential data theft. Advertisement
Advertisement
A severe vulnerability in a popular third-party Android software development kit (SDK) left tens of millions of cryptocurrency wallets vulnerable to data theft, according to a newly published report by the Microsoft Defender Security Research Team.
The flaw has allowed malicious applications to bypass Android's core security sandbox.
The scope of the threat
The vulnerability has affected a wide range of applications. The cryptocurrency and digital wallet ecosystem bore the brunt of the exposure due to the high-value nature of the stored data.
HOT Stories Cardano Founder Takes Swipe at XRP in Fiery Social Media Exchange Shiba Inu (SHIB) Gets ETF Chance After Canary's Newest Filing, $90.3 Million Hyperliquid Whale Opens Unusual XRP Long, Bitcoin Eyes $64,900 Return Amid Double Rejection From Bollinger Bands: Morning Crypto ReportMicrosoft identified over 30 million installations of affected third-party crypto wallet applications. The total exposure exceeded 50 million installations.
Advertisement You Might Also Like
Mon, 03/30/2026 - 07:05
NPR Host Hacked by Crypto Scammers
ByAlex Dovbnya
If exploited, the vulnerability could have exposed Personally Identifiable Information (PII), private user credentials, and sensitive financial data stored deep within the affected app's private directories.
Fortunately, Microsoft noted that there is currently no evidence to suggest this vulnerability was ever actively exploited by threat actors in the wild.
AdvertisementThe "intent redirection" flaw
The EngageLab SDK is a tool utilized by developers to manage push notifications and real-time in-app messaging. The security flaw was traced to a specific component (MTCommonActivity) that was automatically added to an application's background code after the build process.
Because this component was broadly exported, it became accessible to other applications installed on the same Android device.
A malicious app installed on the same device could craft a manipulated message (an "intent") and send it to the vulnerable crypto wallet app.
The wallet app would process this intent using its own trusted identity and permissions.
This tricked the wallet into granting the malicious app persistent read and write access to its private data directories.
Swift action was taken across the Android ecosystem to mitigate the threat.
#Android Advertisement
