Wallet software weak recovery-phrase generation actively exploited security flaw
Vulnerability
Summary
Hide ▲
Show ▼
Coinspect disclosed Ill Bloom, a weak-randomness recovery-phrase flaw in crypto wallet software that is actively exploited and can let attackers derive wallet addresses and drain funds. The issue is concentrated in older or lesser-known mobile wallets, while hardware devices and most mainstream software wallets are not affected. A confirmed May 27 sweep drained about $3.1 million from 431 wallets.
Timeline
-
10.07.2026 12:00 2 articles · 1h ago
May 27 sweep drains $3.1 million from vulnerable crypto wallets
Exploitation ObservedAttackers exploited weak recovery-phrase generation in vulnerable crypto wallet software and, on May 27, drained about $3.1 million from 431 wallets by deriving control of funds from predictable seed phrases.
Show sources
- Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets — thehackernews.com — 10.07.2026 12:00
- Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets — thehackernews.com — 10.07.2026 12:00
-
10.07.2026 12:00 1 articles · 1h ago
Coinspect discloses Ill Bloom wallet flaw and warns users to move funds
Initial DisclosureCoinspect disclosed Ill Bloom, a weak-randomness flaw in crypto wallet recovery-phrase generation, said attackers are already using it, and noted that hardware devices and most mainstream software wallets are not affected while older or lesser-known mobile wallets, some going back to 2018, remain at risk. By June 30, the firm had traced 2,114 exposed addresses across Bitcoin, Ethereum, Rootstock, Tron, and Polygon, and it directed users to compare public wallet addresses with the free checker at illbloom.org and move matched funds to a brand-new wallet.
Show sources
- Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets — thehackernews.com — 10.07.2026 12:00