EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs

Published: 3 weeks ago (April 9, 2026 at 01:26 PM EDT)

1 min read

Source: The Hacker News

Overview

Details have emerged about a now‑patched security vulnerability in a widely used third‑party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk.

Impact

Potentially affected 50 million Android users.
Included 30 million installs of cryptocurrency wallet apps that integrated the SDK.

Technical Details

The flaw allowed apps on the same device to bypass Android’s security sandbox.
Attackers could gain unauthorized access to private data stored by other apps, including wallet credentials and transaction information.

Mitigation

The vulnerability has been patched by the SDK vendor.
Users are advised to update affected apps to the latest version that incorporates the fix.
Developers should review third‑party SDKs for security practices and keep dependencies up‑to‑date.

References

Microsoft Defender report on the EngageLab SDK vulnerability.
Official security advisory from EngageLab (link to the patch announcement).

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs

Overview

Impact

Technical Details

Mitigation

References

Related posts

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Google adds E2E encryption to Gmail for iOS and Android enterprise users

First look: The OPPO Find X9 Ultra brings back leather and goes big on camera design