Security researchers at Coinspect have uncovered a vulnerability in cryptocurrency wallet software, dubbed 'Ill Bloom,' that has already been exploited to steal approximately $3.1 million from 431 wallets in a coordinated attack on May 27. The flaw lies in weak random number generation during the creation of recovery phrases, making it possible for attackers to guess the seed words and drain funds. Coinspect has identified over 2,100 exposed addresses across Bitcoin, Ethereum, Rootstock, Tron, and Polygon, with Bitcoin suffering the heaviest losses at roughly $2.57 million.
How the Vulnerability Works
Every self-custody wallet relies on a recovery phrase—typically 12 or 24 words—that should be generated randomly from an enormous pool of possibilities. In affected wallets, the software used a weak random-number generator, drastically shrinking the pool of potential phrases. This allowed attackers to brute-force the seed and derive the corresponding wallet addresses. Coinspect reconstructed the attack by generating all possible phrases, deriving addresses, and cross-referencing them with blockchain records to identify vulnerable wallets still holding funds.
The flaw primarily affects older or lesser-known mobile wallets, some dating back to 2018. Hardware wallets and most mainstream software wallets are not impacted. Coinspect has not disclosed the specific apps involved, but users can check their exposure by entering a public wallet address at illbloom.org. A match indicates the recovery phrase should be considered compromised.
Scale of the Theft
According to Coinspect, the May 27 sweep was a single coordinated theft, as hundreds of unrelated wallets sent their balances to a few collection addresses within hours. Bitcoin bore the brunt, with one address losing over $1.1 million. Since then, more than $5 million has left the exposed wallets, though Coinspect notes that some of that movement may be owners securing their funds. The firm estimates that at its peak in 2022, the same set of wallets held a reconstructed $12.56 million, but much of that value had already declined before the attack.
What Users Should Do
Coinspect advises anyone whose wallet address matches the vulnerable list to treat their recovery phrase as compromised immediately. Users should create a brand-new wallet with a fresh seed phrase and transfer all funds to it. Importing the old phrase into a new app does not fix the issue, as the underlying weakness remains. The checker at illbloom.org accepts Bitcoin, Tron, Solana, and Ethereum-style addresses, but a clean result is not a guarantee since the list is incomplete.
Scammers may offer to "rescue" funds, but Coinspect emphasizes that a legitimate checker never asks for seed phrases, private keys, or signatures. Users should never enter their recovery phrase on any website or message.
A Recurring Problem
Ill Bloom is the latest in a series of wallet vulnerabilities caused by weak randomness. In 2023, the Milk Sad bug (CVE-2023-39910) in the Libbitcoin Explorer tool allowed similar thefts, and the Trust Wallet browser extension had a related flaw (CVE-2023-31290) crackable in under a day. The Randstorm vulnerability, disclosed in 2023, affected Bitcoin wallets created between 2011 and 2015 due to poor browser-based random number generation. In each case, the only fix is to move funds to a wallet generated with robust randomness.
Next Steps
Coinspect is asking users who find their addresses on the list to report which wallet app they used, in order to identify the responsible software vendors. The firm is sharing its findings with affected teams to help prevent future exploits.