
Coinspect warns Ill Bloom flaw from weak seed randomness may drain more wallets. $5M stolen so far from mobile software wallets. Hardware wallets appear safe.
Coinspect warned this week that thousands of crypto wallets could still be vulnerable to the "Ill Bloom" weakness in seed phrase generation. The security firm said the flaw stems from poor randomness during wallet creation on mobile software apps, making private keys easier to guess than they should be.
The known damage so far: $3.1 million drained from 431 wallets on May 27 out of 2,114 vulnerable addresses Coinspect reviewed. Another $2 million moved from exposed wallets the following Sunday. That brings the tracked total to about $5 million. Coinspect said the real number is likely higher because the analysis has not covered every chain or address set tied to the same weak generation pattern.
The firm released a wallet-checking tool so users can test whether their addresses may be exposed. SlowMist is also tracking the alert. The security firm posted that it is closely monitoring the risk and advised users to check older wallet addresses.
Coinspect said current evidence shows users who generated their seed with a hardware wallet are not affected. Most current software wallets also appear safe. The strongest candidates are users who generated seeds in less widely used mobile software wallets, especially those created before 2024.
A hardware wallet uses a dedicated secure element to generate randomness. Mobile software wallets, particularly from smaller developers, sometimes rely on the device's built-in random number generator. On some phones that generator can produce predictable sequences. The same seed phrase reused across apps does not fix the problem – the weak entropy is baked in from the moment the wallet was created.
Coinspect said the vulnerability affects wallets created on Bitcoin, Ethereum, Polygon, Rootstock, Tron and Solana. The flaw is not limited to one wallet provider. Users who created wallets on any mobile app that used weak randomness could be exposed.
The issue is not isolated. The Randstorm vulnerability in 2023 hit BitcoinJS wallets built with weak random number generation. In March, a MediaTek chip flaw exposed seed phrases on some Android phones, showing how device security and wallet security overlap. Both cases involved the same root problem: a wallet that looks normal but carries a hidden flaw from creation.
Coinspect has not published full exploit details because the risk remains active. That limits information for attackers while giving users a way to check their addresses.
Users with exposed wallets should move funds to a newly generated wallet created through a hardware device or a trusted software wallet that uses strong randomness. They should not reuse the old seed phrase – that would keep the same weak entropy. The wallet-checking tool on Coinspect's site can confirm whether an address is in the vulnerable set.
Phishing remains a separate threat. Scammers have used fake wallet pop-ups to steal seed phrases directly, as Scam Sniffer warned in February. Users facing the Ill Bloom issue should generate the new seed on a clean device and store the phrase offline.
The Ill Bloom flaw shows why seed phrase quality matters. A wallet can hold assets and function normally across chains while carrying a hidden vulnerability from the moment it was created.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.