Ill Bloom Vulnerability Compromises Crypto Wallets Through Weak Randomness
- CVE ID
- N/A
- CVSS Score
- N/A
- Affected Products
- Mobile software wallets, browser extensions with weak seed phrase generation; specific implementations unnamed publicly by researchers
Overview
A critical vulnerability, named “Ill Bloom,” has been disclosed that impacts certain cryptocurrency wallet applications. This flaw stems from weak randomness in the process of generating 12-word recovery phrases (seed phrases), which are essential for controlling crypto assets. The predictable nature of these ill-generated seed phrases allows attackers to reconstruct them and subsequently drain funds from affected wallets. Security firm Coinspect, which discovered and disclosed the vulnerability, has confirmed active exploitation, with over $5 million already stolen from affected users. The initial sweep on May 27, 2026, alone saw approximately $3.1 million drained from 431 wallets across various blockchains, including Bitcoin, Ethereum, Tron, Rootstock, and Polygon. A subsequent theft of $2.1 million in USDT from an exposed wallet further underscores the severity and ongoing threat posed by Ill Bloom.
Technical Details
The Ill Bloom vulnerability is not a malicious token approval or a fake recovery form. Instead, it traces back to a fundamental cryptographic weakness: the use of a weak random-number generator during the creation of a wallet’s 12-word recovery phrase. Standard recovery phrases are derived from a vast pool of possible word combinations, making them astronomically difficult to guess. However, the flawed implementations generated phrases from a significantly smaller, predictable subset, thereby shrinking the attack surface to a searchable range for determined attackers. Coinspect successfully rebuilt the attack end-to-end, generating the full set of possible weak phrases, deriving the corresponding wallet addresses, and then cross-referencing these with public blockchain records to identify affected wallets. The firm has identified five vulnerable wallet implementations, though it has not publicly named them to prevent further exploitation. These implementations were traced through on-chain funding links, GitHub code analysis, and reverse-engineering of closed-source mobile Android apps and Chrome extensions, with some vulnerable wallets dating back to 2018. Hardware-wallet-generated seeds are not affected by this specific vulnerability, and most current mainstream software wallets are not believed to be vulnerable.
Real-World Impact
The real-world impact of Ill Bloom is severe and direct financial loss for users whose wallets were generated with the flawed randomness. The coordinated nature of the May 27 sweep, where hundreds of unrelated wallets sent their balances to the same few collection addresses within hours, strongly indicates a systematic exploitation campaign. Users on multiple blockchain networks, including Bitcoin, Ethereum, Tron, Rootstock, and Polygon, have seen their assets compromised. The vulnerability highlights a critical failure in the security foundations of affected wallets, where the initial setup process created an inherent weakness that remained dormant until exploitation. For affected individuals, the loss is total for the funds held in those specific wallets. The unusual response for users—checking only a public wallet address and never submitting a seed phrase—underscores the unique nature of this attack, which targets the fundamental security of the wallet generation process itself.
Threat Landscape
The Ill Bloom vulnerability illustrates a dangerous trend where foundational cryptographic weaknesses in widely used software can lead to significant financial losses. While the affected wallets are primarily older or less widely adopted mobile software wallets and browser extensions, the sheer volume of potential victims and the confirmed millions in stolen funds underscore the broad risk. This type of vulnerability, where the security of the seed phrase is compromised at generation, poses a more insidious threat than typical phishing or malware attacks, as the user may have taken all recommended precautions for their generated seed phrase (e.g., storing it offline) yet still be vulnerable. The difficulty in identifying all affected wallet apps without revealing potential new targets adds complexity to remediation efforts. The ongoing nature of the exploitation, even after initial reports, confirms that threat actors are actively scanning for and targeting these predictable wallet addresses.
Remediation
Affected users must immediately take action to secure their assets. The primary recommendation is to check if any of your public wallet addresses are among those generated by weak randomness. Coinspect has provided a public-address checker tool for this purpose. Crucially, users should only ever enter their public wallet address into such a checker, never their recovery (seed) phrase. If an address matches a vulnerable pattern, all funds associated with that seed phrase should be immediately moved to a newly generated wallet using a reputable, well-established hardware or software wallet that is known not to be affected by this flaw. Users should be highly suspicious of any prompts asking for their seed phrase, as Ill Bloom is not a repairable issue by importing the weak phrase into another app; the underlying keys remain compromised. Wallet developers are urged to review their random number generation processes for recovery phrase creation, particularly for older versions, and to issue advisories and patches if their implementations are found to be vulnerable.
Found something similar in your stack?
Let's find out before it becomes an incident.
Book an advisory call