
Coinspect found Ill Bloom seed flaw since 2018. Two attacks stole $5M. Affected: Bitcoin, Ethereum, Solana. Hardware wallets safe. Check your addresses.
Alpha Score of 61 reflects moderate overall profile with strong momentum, poor value, strong quality. Based on 3 of 4 signals – score is capped at 90 until remaining data ingests.
A security flaw in wallet seed generation, named Ill Bloom, has led to two coordinated attacks and at least $5 million in thefts across six blockchain networks, Coinspect reported. The blockchain security firm disclosed the vulnerability over the weekend. SlowMist, a security monitoring organization, confirmed it is tracking the situation.
The flaw stems from weak randomness in seed phrase generation by certain software wallets. When wallet apps use insufficient random number generators, the resulting mnemonics become predictable. Coinspect found the vulnerability has been present since 2018. Vulnerable wallets were still being created weeks ago, the firm said.
The first attack came on May 27. Hackers targeted 431 wallets from a pool of 2,114 identified vulnerable addresses, draining $3.1 million. A second wave over the weekend took roughly $2 million more. Total losses sit at a minimum of $5 million, though Coinspect said the real figure may be higher when counting across all affected networks.
The affected networks include Bitcoin, Ethereum, Polygon, Rootstock, Tron, and Solana. Hardware wallets are not vulnerable, Coinspect said. Most popular software wallets are also safe. The main risk group is people who generated recovery phrases with obscure or lesser-known mobile wallet apps.
Coinspect identified the vulnerable addresses by analyzing on-chain transaction patterns and known seed generation algorithms. The firm said the true number of weak wallets may be higher than the 2,114 identified. Coinspect has released a verification tool that checks a wallet address against a database of known vulnerable addresses generated with weak entropy. Users can run the tool on Coinspect's website.
Past incidents in the crypto market show similar problems. In 2023, Ledger's security team found a seed generation weakness in Trust Wallet's browser extension. That flaw reduced possible phrase combinations to about four billion, making brute-force attacks feasible within a day using modest GPU power. Trust Wallet fixed the issue before any funds were lost, Coinspect noted. Also in 2023, a weakness in Libbitcoin Explorer wallet software led to $900,000 in thefts through systematic private key brute-force attacks.
The Ill Bloom flaw is harder to fix because it does not come from a single wallet provider, Coinspect said. The firm is calling on wallet developers to integrate weak mnemonic detection into their applications. Coinspect has withheld full technical details to limit what attackers can exploit.
SlowMist flagged the issue on July 6, citing Coinspect's alert, before Coinspect's public disclosure. Attackers likely scanned for wallets created with low-entropy seeds, Coinspect said, which is why they targeted specific addresses.
Coinspect advises anyone who used a little-known mobile wallet to generate a seed phrase before 2024 to transfer funds to a hardware wallet or a reputable software wallet. Users who see unauthorized transactions from their wallets may be victims of the Ill Bloom vulnerability.
The flaw shows how a single implementation error in key generation can expose funds across multiple chains, Coinspect said.
Prepared with AlphaScala research tooling and grounded in primary market data: live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.