‘Ill Bloom’ Vulnerability: Over $5 Million Stolen From Cryptocurrency Wallets Due to Weak Security
'Ill Bloom' Vulnerability Drains Over $5 Million From Cryptocurrency Wallets in Coordinated Attack
A newly disclosed flaw in cryptocurrency wallet software has allowed attackers to steal more than $5 million from hundreds of wallets since May 2026 — and security researchers warn the exposed pool of vulnerable addresses is still growing.
Security firm Coinspect published its findings on the vulnerability it calls "Ill Bloom," revealing that weak random-number generation in certain wallet applications left recovery phrases predictable enough for attackers to reconstruct and exploit. The disclosure came with an urgent warning: wallets born with this flaw remain at risk indefinitely unless users move their funds to a freshly generated wallet.
How the 'Ill Bloom' Flaw Works
Every self-custody cryptocurrency wallet is anchored by a recovery phrase — typically 12 or 24 words drawn from an enormous pool of possible combinations. The size of that pool is what makes guessing any phrase essentially impossible under normal conditions. Understanding how cryptocurrency wallets store and protect private keys is essential context for grasping why this flaw is so damaging.
The wallets affected by Ill Bloom were not operating under normal conditions. Their software used a weak random-number generator at the moment of creation, shrinking the universe of possible phrases to a range an attacker could realistically search. Coinspect has not disclosed exactly how small that range is.
The firm says it reconstructed the attack methodology end to end. It worked through every phrase the weak generator could produce, derived the corresponding wallet addresses, and cross-referenced those addresses against public blockchain records to identify which ones still held funds. The result is a watchlist of wallets that were compromised at birth — regardless of which application created them or how carefully the owner protected the phrase afterward.
Coinspect has identified five vulnerable wallet implementations through a combination of on-chain funding links, GitHub code searches, and reverse engineering of closed-source Android apps and Chrome extensions. It is not naming those applications publicly at this stage and acknowledges there are likely others it has not yet found.
Why Weak Randomness Is So Dangerous
The technical root cause here is worth understanding. Cryptographic security depends on entropy — genuine unpredictability — at the moment a wallet is generated. When a wallet application substitutes a low-quality random-number generator, often due to poor implementation choices or flawed dependencies, the resulting seed phrase only appears random. In practice, an attacker who knows which generator was used can enumerate every phrase it was ever capable of producing.
This is not a flaw that can be patched retroactively. The damage is baked into the wallet at the instant of creation. No amount of careful handling afterward — strong passwords, hardware storage of the phrase, avoiding phishing — can compensate for a seed that was never truly random to begin with.
The Theft, By the Numbers
The most significant confirmed incident occurred on May 27, 2026, when a coordinated sweep drained approximately $3.1 million from 431 wallets. Bitcoin absorbed the largest share of losses at roughly $2.57 million. A single Bitcoin address lost more than $1.1 million on its own.
Researchers identified the sweep as a single coordinated operation because hundreds of unrelated wallets transferred their full balances to the same small cluster of collection addresses within hours of each other — a pattern consistent with an attacker who had pre-computed the vulnerable keys and executed the drains simultaneously.
A separate theft of $2.1 million in USDT followed the May 27 sweep, pushing confirmed losses past $5 million. Coinspect told The Hacker News that the May 27 attacker had already obtained the seed phrase controlling that USDT but left the funds sitting on a different blockchain. Researchers spotted the exposed balance on June 10 and attempted to alert the wallet owner through exchanges the address had previously interacted with. The warning did not arrive in time.
A Stark Limitation Researchers Couldn't Overcome
Coinspect noted a sobering constraint in that situation. It could derive the compromised keys but could not move the funds to safety because "once a seed phrase is compromised, possessing the key no longer proves legitimate ownership."
This highlights a fundamental tension at the heart of decentralised finance: the same properties that make self-custody wallets resistant to censorship also make it impossible for researchers — or anyone else — to intervene on a victim's behalf, even when the danger is fully known in advance.
As of June 30, the firm had traced 2,114 exposed addresses with on-chain activity across Bitcoin, Ethereum, Rootstock, Tron, and Polygon. Researchers describe confirmed losses as a floor rather than a ceiling. The exposed address list has grown since that snapshot — not because new weak wallets are being created, but because Coinspect continues identifying additional vulnerable seed-generation paths.
A Pattern the Industry Has Seen Before
This vulnerability fits a pattern the industry has encountered before. For anyone tracking the evolving threat landscape facing blockchain and cryptocurrency systems, the Ill Bloom flaw follows a well-documented trajectory of randomness-related exploits.
The 2023 "Milk Sad" flaw (CVE-2023-39910) in the Libbitcoin Explorer tool allowed thieves to drain millions in a single July sweep. A related flaw (CVE-2023-31290) hit the Trust Wallet browser extension the same year. The Randstorm vulnerability, also covered in 2023, left Bitcoin wallets created between 2011 and 2015 permanently crackable due to poor browser-based randomness. In every case the only remediation was moving funds to a new wallet — identical to the fix required for Ill Bloom.
The recurring nature of these incidents points to a systemic problem: wallet developers across the industry have repeatedly underestimated the difficulty of implementing cryptographically sound randomness, particularly in browser-based environments and mobile applications where operating system entropy sources are inconsistent or poorly documented.
What Users Should Do Right Now
Coinspect has made a free checker available at illbloom.org. Users can paste any public wallet address — Bitcoin, Tron, Solana, or Ethereum-compatible addresses including Polygon and BNK Chain — to check whether it appears on the known-vulnerable list. A clean result is not a guarantee since the list remains incomplete. A match is an unambiguous warning.
If Your Address Matches
If an address matches, Coinspect's guidance is direct:
- Treat the recovery phrase as fully compromised regardless of whether funds have moved
- Create a brand-new wallet and generate a fresh recovery phrase on that new wallet
- Move all funds to the new wallet immediately
- Do not reinstall the old application or import the old phrase into any other app — doing so reopens the same compromised wallet
The firm also warns that wallets spared in the May 27 sweep are not safe. Attackers appear to have skipped wallets holding less than approximately $5, but those seeds remain compromised. Any funds deposited into them later can be taken.
Choosing a More Secure Wallet Going Forward
Not all wallets carry equal risk. Hardware wallets — dedicated physical devices that generate keys in an isolated environment with dedicated hardware random-number generators — offer meaningfully stronger guarantees at the point of creation than most software-based alternatives. If you are migrating funds following this disclosure, this is a practical moment to evaluate whether a hardware wallet better suits your security requirements.
Conducting a structured vulnerability assessment of the tools and platforms in your digital asset setup is a worthwhile exercise regardless of whether your current addresses appear on the Ill Bloom watchlist. Proactive review is considerably less costly than reactive recovery.
Watch for Scams Exploiting This Disclosure
Coinspect closes with one firm warning for users navigating this alert: "We will never ask for seed phrases, private keys, signatures, or approvals, or ask users to send funds to 'recover' or protect a wallet."
Security incidents reliably attract impersonators and scammers. No legitimate tool or researcher needs a private key or recovery phrase to help. If anyone contacts you claiming to represent Coinspect — through social media, email, or messaging platforms — and requests any of the above, treat it as a scam without exception. Cross-reference any communications against Coinspect's official website and published disclosures before taking any action.
Three Immediate Steps for Every Crypto User
- Check every wallet address you control at illbloom.org — one compromised seed phrase can expose funds across multiple blockchains simultaneously
- If you use older or lesser-known mobile wallet apps or browser extensions, treat them as higher-risk regardless of checker results and consider migrating to a hardware wallet with a freshly generated phrase
- Bookmark Coinspect's ongoing disclosures — the firm continues to expand its list of vulnerable seed-generation paths and has not yet publicly identified the five affected wallet implementations
For broader context on how researchers track and disclose vulnerabilities of this nature, the CERT Coordination Center at Carnegie Mellon University maintains extensive public resources on coordinated vulnerability disclosure practices and historical case studies.