The blockchain security firm Coinspect has identified a vulnerability, termed “Ill Bloom,” that affects numerous crypto wallets associated with Bitcoin, Ethereum, Polygon, Tron, Solana, and others, leading to substantial potential losses.
The vulnerability arises from inadequate random number generation used during the creation of recovery phrases in certain mobile software wallets. Coinspect has estimated that over $5 million in cryptocurrency has been stolen since the issue was first detected on May 27.
Details of the Exploit
In one incident, attackers exploited this weakness to steal $3.1 million from 431 wallets identified as vulnerable out of a total of 2,114 wallets monitored. Following this, an additional loss of approximately $2 million was reported from exposed wallets, bringing the total minimum stolen amount to $5 million. Coinspect has cautioned that the actual figure may be higher due to untracked losses on other networks.
This flaw has been present since at least 2018, with new wallets continuing to be created with the same vulnerability, potentially putting new users at risk as well.
Targeted Wallets and Affected Users
Hardware wallets and most mainstream software wallets seem to be unaffected by this vulnerability. The primary risk lies with users utilizing lesser-known mobile software wallets that generate their seed phrases insecurely. Coinspect has developed a free tool for users to verify the safety of their wallet addresses.
Past Vulnerabilities and Future Precautions
This incident is not the first of its kind; in 2023, notable weaknesses were found in the Trust Wallet's browser extension as well, highlighting the ongoing issue of weak seed generation in wallets. The current situation complicates matters since the “Ill Bloom” vulnerability is not confined to a specific wallet provider, complicating remediation efforts.
Security monitoring firm SlowMist is actively tracking developments related to the Ill Bloom vulnerability. Coinspect has called upon wallet providers to incorporate tools for detecting weak mnemonic phrases to safeguard users' assets.



