Bitcoin.org, the organisation of developers and other community members, says all Android-based wallets used for the alternative currency are “vulnerable to theft”.

The reason is “a component of Android responsible for generating secure random numbers contains critical weaknesses”, says a statement from the organisation.

Because the problem is with the Android OS itself, any wallet generated by an Android app is at risk. The statement mentions a number of wallets at risk but admits it is an incomplete list. The names mentioned are Bitcoin Wallet, blockchain.info wallet, Bitcoinspinner and Mycelium Wallet.

“Apps where you don’t control the private keys at all are not affected,” said the organisation.

Non-Bitcoin Android wallets such as Google Wallet are unaffected.

Key rotation is needed to re-secure existing wallets: users generate a new address with a repaired random number generator and then send all the money in their wallet back to themselves at that address.

If they use an Android wallet, Bitcoin.org “strongly recommends” an upgrade to the latest version of the OS available in the Play Store as soon as one becomes available. Once the wallet is rotated, the user will need to contact anyone who has stored addresses generated by their phone and give them a new one.

Alternatively, if the user can’t update their Android app, they can send their bitcoins to a Bitcoin wallet on their computer until the app can be updated. They should not send their bitcoins back to their old, insecure address.