Over $5 Million Stolen via Weak Wallet Randomness Flaw
Security research firm Coinspect has disclosed a cryptocurrency wallet vulnerability it calls Ill Bloom, and active exploitation is already underway. Attackers have stolen over $5 million from affected wallets by exploiting a flaw in how certain wallet software generates recovery seed phrases.
The core issue: when a wallet's seed phrase is generated using a weak or predictable pseudorandom number generator (PRNG), an attacker can systematically enumerate the reduced entropy space to derive the corresponding private keys — without ever having direct access to the victim's device.
How the Ill Bloom Attack Works
The Flaw: Weak Randomness at Wallet Creation
A cryptocurrency wallet's security depends entirely on the randomness of its seed phrase — the 12 to 24 word recovery phrase that encodes the private key controlling all associated funds. When the software generating that phrase relies on a flawed PRNG (one with insufficient entropy, a predictable seed, or a broken implementation), the space of possible seed phrases shrinks dramatically.
Where a properly generated 24-word BIP-39 phrase has 256 bits of entropy, wallets affected by Ill Bloom may produce phrases with only 32 to 64 bits of effective entropy — a range that modern hardware can brute-force offline in hours to days.
Attack Flow
1. Attacker identifies on-chain wallets created during periods of known vulnerable library use
2. For each target address, attacker runs offline PRNG enumeration against the reduced entropy space
3. Matching seed phrases are derived and corresponding private keys generated
4. Attacker signs and broadcasts transactions draining the wallet balance
5. Funds are swept to attacker-controlled addresses and mixedThe attack is entirely off-chain until the final transaction broadcast — it leaves no trace in the target wallet's transaction history until the moment funds are drained.
Affected Wallets and Libraries
Coinspect's disclosure indicates the vulnerability affects wallets generated by certain software libraries during specific time windows, primarily between 2018 and 2024. The firm has not named all affected libraries publicly to allow coordinated disclosure, but confirmed:
- The flaw affects multiple wallet implementations across Bitcoin, Ethereum, and Solana ecosystems
- Wallets generated on mobile devices and in browser-based web wallets are among those at higher risk
- Hardware wallets using dedicated secure elements are not affected
Scale of Active Exploitation
| Metric | Value |
|---|---|
| Confirmed stolen | $5M+ |
| Assets targeted | BTC, ETH, SOL |
| Wallet creation window | 2018–2024 |
| Exploitation status | Active as of July 2026 |
Coinspect notes the exploitation appears targeted — attackers are prioritizing wallets with significant balances rather than conducting mass sweeps of all potentially affected addresses.
How to Check If Your Wallet Is Affected
- Use Coinspect's checker tool — the firm is providing a tool to assess whether specific wallet addresses were generated with vulnerable software. Check the Coinspect website for availability.
- Check your wallet software version and source — wallets generated by well-maintained, reputable software using OS-level randomness (
/dev/urandom,CryptGenRandom) are typically safe. - Review wallet creation date — if the wallet was created between 2018 and 2024 using mobile or browser-based software, treat it as potentially affected until verified.
Immediate Actions
If You May Be Affected
- Create a new wallet using reputable software (e.g., latest version of a well-audited desktop client) or a hardware wallet (Ledger, Trezor)
- Transfer all funds from potentially affected wallets to the new wallet immediately
- Do not reuse the old wallet addresses — treat them as permanently compromised
- Monitor affected addresses for unauthorized outbound transactions
For Ongoing Security
- Use hardware wallets for significant cryptocurrency holdings; their secure elements use certified random number generators
- Generate wallets offline using air-gapped devices when high value is involved
- Periodically audit wallet software for security advisories from the maintainers
Why This Class of Vulnerability Persists
Cryptographic PRNG failures in wallet software are not new — similar issues have surfaced in Android's Java SecureRandom implementation (2013), early Bitcoin wallet software, and various web-based generators. The challenge is that:
- The flaw is only detectable years later when researchers reverse-engineer the generation algorithm
- Affected wallets continue to function normally — there is no visible indication of the weakness
- Funds remain at risk indefinitely unless proactively migrated
The Ill Bloom disclosure reinforces the importance of using formally audited wallet software and hardware security modules for any significant cryptocurrency storage.
Source: The Hacker News / Coinspect, July 2026