Find notable cyber news and cases, enriched with sources, timelines, and signals.

Wallet software weak recovery-phrase generation actively exploited security flaw

Vulnerability
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

Coinspect disclosed Ill Bloom, a weak-randomness recovery-phrase flaw in crypto wallet software that is actively exploited and can let attackers derive wallet addresses and drain funds. The issue is concentrated in older or lesser-known mobile wallets, while hardware devices and most mainstream software wallets are not affected. A confirmed May 27 sweep drained about $3.1 million from 431 wallets.

Timeline

  1. 10.07.2026 12:00 2 articles · 1h ago

    May 27 sweep drains $3.1 million from vulnerable crypto wallets

    Exploitation Observed

    Attackers exploited weak recovery-phrase generation in vulnerable crypto wallet software and, on May 27, drained about $3.1 million from 431 wallets by deriving control of funds from predictable seed phrases.

    Show sources
  2. 10.07.2026 12:00 1 articles · 1h ago

    Coinspect discloses Ill Bloom wallet flaw and warns users to move funds

    Initial Disclosure

    Coinspect disclosed Ill Bloom, a weak-randomness flaw in crypto wallet recovery-phrase generation, said attackers are already using it, and noted that hardware devices and most mainstream software wallets are not affected while older or lesser-known mobile wallets, some going back to 2018, remain at risk. By June 30, the firm had traced 2,114 exposed addresses across Bitcoin, Ethereum, Rootstock, Tron, and Polygon, and it directed users to compare public wallet addresses with the free checker at illbloom.org and move matched funds to a brand-new wallet.

    Show sources