Attackers Use ‘Ill Bloom’ Vulnerability to Exploit $3.1 Million in Cryptocurrency Wallets

Security firm Coinspect exposed a costly crypto wallet flaw Ill Bloomand attackers are already using it. The mistake is how the other wallet software generated its return phrase, the words that control the money. If that phrase is weakly randomized, an attacker can manipulate it and take everything they control.
Coinspect confirmed a coordinated sweep on May 27 that netted approximately $3.1 million from 431 wallets. It says nearly $2 million more has moved from exposed wallets since then. How much was stolen, and how much money the owners were taking to security, is not yet clear.
As the company puts it, “if funds have recently been transferred without your consent, this risk may be the reason.”
Most people are probably right. Coinspect says that wallets created on hardware devices are not affected, and most standard software wallets are not. The real risk lies with old or little-known mobile wallets, some dating back to 2018.
Coinspect didn’t name the apps involved, so the only way to know is to check. Paste your community fund address into the free checker at illbloom.org. The same means that the return phrase should be considered risk-adjusted, so move your money to a new fund.
What exactly is broken
Each storage bag begins with a rescue phrase, usually 12 or 24 words, also called a seed phrase. Those names are meant to be selected automatically from a pool so large that guesswork is hopeless. The affected wallets were not random enough. Their software used a weak random number generator when generating the sentence.
That narrowed the pool of potential phrases from astronomically large to narrow for an attacker to search. Coinspect did not publish how small it is.
Coinspect claims to have reconstructed the attack from end to end. It ran through the full set of phrases that the weak generator could produce, found the addresses of each wallet that led to them, and checked the public blockchain records for addresses that still held funds.
The result is a list of wallets that are born weak, regardless of the application that generated them.
Theft, by the numbers
As of June 30, Coinspect tracked 2,114 addresses with chain activity across Bitcoin, Ethereum, Rootstock, Tron, and Polygon. The May 27 sweep cost an estimated $3.1 million to 431 of them. Bitcoin took its worst hit of nearly $2.57 million, and one Bitcoin address lost more than $1.1 million alone.
Coinspect could tell it was one coordinated theft because hundreds of unrelated wallets sent their balances to the same few cluster addresses within hours.
Counting the last move, more than $5 million has left these wallets since May 27. Coinspect calls that the floor, not the ceiling: it’s only mapped this set of addresses so far and expects more. At its peak in 2022, the same set was worth a rebuild of $12.56 million, though most of that amount had fallen off the market before the May 27 sweep.
What to do
A developer at illbloom.org compares a public wallet address against Coinspect’s list of known vulnerable wallets. Accepts Bitcoin, Tron, Solana, and Ethereum style addresses (Ethereum, Polygon, BNB, and other EVM chains).
A single weak phrase can expose funds to all the chains it controls, so check every address tied to the same seed, not just the ones that have already been deleted. A clean result is not a guarantee, because the list is not complete, but the similarity is a clear warning.
If your address matches:
- Treat the recovery sentence as corrupted. Money is not safe just because it is not moving.
- Create a brand new wallet with a brand new name. You should see a new set of 12 to 24 characters. When the app asks you to type in your old passphrase, you’re re-opening a weak wallet, not creating a new one.
- Move your money to a new wallet. Reinstalling the old app or importing the same phrase elsewhere doesn’t change anything.
Another caveat. Scams like this attract scammers who promise to “redeem” your money. A real tester doesn’t need a secret. Coinspect says it will “never ask for seed phrases, private keys, signatures, or authentication, or ask users to send funds to ‘restore’ or secure a wallet.”
Do not type your recovery phrase, secret key, password, or backup file into any site or message, ever. A hardware wallet is a very secure place to transfer funds, but generate a new phrase on the device rather than importing an old one.
We have seen this before
This is an old failure with a new name. Coinspect took “Ill Bloom” from “ill bloom,” the first weak phrase produced by its generator, in the same way that Milk Sad was named “sad milk” in 2023. That bug (CVE-2023-39910), in the Libbitcoin Explorer command line tool, allowed thieves to spend millions in July.
A close cousin (CVE-2023-31290) hit the Trust Wallet browser extension in the same year, which can be cracked in less than a day.
A similar trap caught Randstorm, a random error THN covered in 2023, which left Bitcoin wallets created between 2011 and 2015 vulnerable because the browser code behind them used incorrect random numbers.
The researchers realized at the time that the error was baked into those wallets forever, and the only fix was to move the funds to a new wallet made with better software. That’s exactly what Ill Bloom is all about.
Every few years, the wallet-number generator seems predictable. Wallets that looked safe are leaking. The fix is always the same: move the money to a new location. The bag looks good, and the words seem random, but the machine that chose them was predictable. A predictable key is not a key at all.
What’s next
An open question now is which applications produced the weakest phrases. Public comment doesn’t reveal who did it, so Coinspect is asking similar users to report what they’ve used, and pass on the findings to vendors and groups that can do something about it.
Hacker News has reached out to Coinspect to comment on which wallet apps generated the weak recovery phrases and the scope of the exposed set, and will update this story with any response.”



