Top StoriesBearish
70
BTCETHPOL+2

Ill Bloom Vulnerability Exposes Thousands of Crypto Wallets

A weakness in random number generation for recovery phrases in certain software wallets has led to at least $5M in theft across Bitcoin, Ethereum, and other chains since May. Coinspect released a checker tool; hardware wallet users are safe.

CointelegraphCointelegraph by Felix Ng

Quick Take

1

At least $5M drained from vulnerable wallets since May 27.

2

Weak randomness in seed generation affects several mobile wallets.

3

Coinspect provides a free wallet-checking tool for users.

4

Hardware wallets and most current software wallets are unaffected.

Market Impact Analysis

Bearish

Exploit undermines confidence in certain software wallets, potentially causing panic selling from affected users, but limited to lesser-known wallets.

Timeframeshort

Speculation Analysis

Factuality85/100
RumorsVerified
Speculation Trigger55/100
MinimalExtreme FOMO

Key Takeaways

  • At least $5 million drained from vulnerable wallets since May 27 due to weak recovery phrase generation.
  • Weak randomness in certain mobile software wallets exposed thousands of wallets across Bitcoin, Ethereum, Polygon, and others.
  • Coinspect released a free wallet-checking tool; hardware wallet users and most current software wallets are safe.
  • Active exploit details are withheld, meaning further thefts may occur; users of older, lesser-known wallets should check immediately.
Total Stolen >$5 million since May 27
Wallets Drained (May 27) 431 of 2,114 vulnerable wallets affected
Single-Day Theft $3.1 million on May 27 alone
Recent Movement $2 million moved on Sunday

What Happened

A vulnerability dubbed Ill Bloom in certain software wallets' random number generation has led to thousands of wallets being drained, with at least $5 million stolen since May 27. Blockchain security firm Coinspect disclosed that the issue stems from an insecure pseudorandom number generator used during recovery phrase creation. Wallets generated as early as 2018 on Bitcoin, Ethereum, Polygon, Tron, Solana, and Rootstock are affected.

The attack targeted wallets with weak entropy, allowing thieves to brute-force seed phrases and siphon funds. Coinspect has released a free checker tool for users to verify exposure, while emphasizing that hardware wallets and most current software wallets are not vulnerable.

The Numbers

Since May 27, over $5 million has been stolen across multiple chains. On the single day of May 27, attackers drained 431 out of 2,114 vulnerable wallets, netting $3.1 million. An additional $2 million was moved from exposed wallets the following Sunday, indicating the exploit remains active. Thousands of wallets remain at risk, with potential undiscovered victims across additional networks.

Why It Happened

The root cause is weak entropy in the random number generation process for recovery phrases on certain mobile software wallets. Insufficient randomness makes seed phrases predictable and brute-forceable, a flaw reminiscent of past vulnerabilities like the 2023 Trust Wallet browser extension bug, where limited entropy allowed attackers to guess seeds in hours. In the Ill Bloom case, wallets created years ago with flawed generators are now being systematically exploited, highlighting the long-tail risk of insecure seed generation.

Broader Impact

The Ill Bloom exploit erodes trust in lesser-known software wallets, potentially driving users toward hardware wallets or rigorously audited solutions. It underscores the critical importance of secure seed generation and may prompt industry-wide reviews of entropy standards across wallet providers. The cross-chain nature of the attack demonstrates how a fundamental security flaw can cascade across multiple ecosystems.

What to Watch Next

  • Monitor Coinspect's ongoing disclosure for details on specific vulnerable wallets and any wallet provider patches.
  • Watch for further fund movements from flagged wallets, as perpetrators may continue to exploit exposed seeds.
  • Track industry response: expect increased scrutiny of seed generation methods and potential advisories from security firms.

Source: Cointelegraph

This article is for informational purposes only and does not constitute financial advice.

SourceRead the full article on Cointelegraph
Read full article

Always late to trends?

Join for the latest news, insights & more.

Disclaimer: Bytewit is an independent media outlet that delivers news, research, and data.

© 2026 Bytewit. All Rights Reserved. This article is for informational purposes only.

Read Next

Most Read

📰
Market AnalysisBearish
28

Veteran Trader Brandt Mulls Bitcoin-to-Gold Shift

Peter Brandt, a veteran trader, reveals he's considering selling some bitcoin to buy gold, signaling a shift in sentiment towards the precious metal.

BTC
20% confidence
Jul 6, 2026, 6:03 AM UTC · CoinDesk
Ill Bloom Vulnerability Drains Over $5M from Crypto Wallets | Bytewit