Blockchain security firm Coinspect has disclosed a vulnerability it calls “Ill Bloom,” which has put thousands of crypto wallets at risk of being drained.
The flaw is tied to weak randomness in how some software wallets generate recovery phrases. When the random number generator used during wallet creation is not secure enough, it makes the resulting seed phrases easier to predict and exploit.

Wallets across Bitcoin, Ethereum, Polygon, Rootstock, Tron, and Solana are affected.
The vulnerability has been present since at least 2018. Coinspect says wallets were still being generated with this flaw in recent weeks, meaning new users could also be at risk.
On May 27, attackers hit 431 wallets out of 2,114 identified as vulnerable, stealing $3.1 million in cryptocurrency.
More funds were moved on Sunday, with around $2 million drained from exposed wallets. The total stolen stands at a minimum of $5 million, though Coinspect says the true number could be higher across additional networks.
Coinspect has not published the full technical details of the exploit to avoid giving attackers more information.
The firm says hardware wallet users are not affected. Most mainstream software wallets are also believed to be safe. The highest-risk group is users who generated their seed phrase using lesser-known mobile software wallets.
This is not the first time weak seed generation has caused problems.
In 2023, Ledger’s security team found that Trust Wallet’s browser extension generated seeds with limited randomness. The flaw narrowed possible phrase combinations to around four billion, which could be cracked in under a day using a few GPUs. Trust Wallet fixed the bug before any funds were taken.
Also in 2023, a flaw in the Libbitcoin Explorer wallet led to $900,000 being stolen through private key brute-forcing.
Coinspect says the Ill Bloom issue does not come from a single wallet provider, making it harder to contain.
Security monitoring firm SlowMist confirmed it is tracking the situation. Coinspect is urging wallet providers to integrate weak mnemonic detection tools into their software.
Users who think they may be affected can use Coinspect’s wallet-checking tool to see if their address is exposed. If funds have moved without permission, Coinspect says the vulnerability may be the cause.
The post Coinspect Warns Thousands of Crypto Wallets Vulnerable to Ill Bloom Exploit appeared first on CoinCentral.


