TLDR
- Security firm Coinspect uncovered a vulnerability called “Ill Bloom” affecting crypto wallets across Bitcoin, Ethereum, Polygon, Tron, Solana and more
- The flaw stems from weak random number generation during recovery phrase creation in certain mobile software wallets
- At least $5 million has been stolen since May 27, with $3.1 million taken from 431 wallets in a single attack
- Wallets generated as far back as 2018 are potentially at risk
- Coinspect has released a free tool for users to check if their wallet address is exposed
Blockchain security firm Coinspect has disclosed a vulnerability it calls “Ill Bloom,” which has put thousands of crypto wallets at risk of being drained.
We're closely monitoring the Ill Bloom wallet weak randomness risk alert from @coinspect .
Please check whether any of your historical wallet addresses are affected👉 https://t.co/cTRltZCfyB
Thanks to @coinspect for the responsible disclosure. Stay safe! https://t.co/cC6OTxqvpX
— SlowMist (@SlowMist_Team) July 6, 2026
The flaw is tied to weak randomness in how some software wallets generate recovery phrases. When the random number generator used during wallet creation is not secure enough, it makes the resulting seed phrases easier to predict and exploit.
Wallets across Bitcoin, Ethereum, Polygon, Rootstock, Tron, and Solana are affected.
The vulnerability has been present since at least 2018. Coinspect says wallets were still being generated with this flaw in recent weeks, meaning new users could also be at risk.
How the Attacks Unfolded
On May 27, attackers hit 431 wallets out of 2,114 identified as vulnerable, stealing $3.1 million in cryptocurrency.
More funds were moved on Sunday, with around $2 million drained from exposed wallets. The total stolen stands at a minimum of $5 million, though Coinspect says the true number could be higher across additional networks.
Coinspect has not published the full technical details of the exploit to avoid giving attackers more information.
The firm says hardware wallet users are not affected. Most mainstream software wallets are also believed to be safe. The highest-risk group is users who generated their seed phrase using lesser-known mobile software wallets.
Past Cases of Weak Wallet Seeds
This is not the first time weak seed generation has caused problems.
In 2023, Ledger’s security team found that Trust Wallet’s browser extension generated seeds with limited randomness. The flaw narrowed possible phrase combinations to around four billion, which could be cracked in under a day using a few GPUs. Trust Wallet fixed the bug before any funds were taken.
Also in 2023, a flaw in the Libbitcoin Explorer wallet led to $900,000 being stolen through private key brute-forcing.
Coinspect says the Ill Bloom issue does not come from a single wallet provider, making it harder to contain.
Security monitoring firm SlowMist confirmed it is tracking the situation. Coinspect is urging wallet providers to integrate weak mnemonic detection tools into their software.
Users who think they may be affected can use Coinspect’s wallet-checking tool to see if their address is exposed. If funds have moved without permission, Coinspect says the vulnerability may be the cause.







