Blockchain security firm Coinspect says a class of “recovery phrase” wallets may be vulnerable to draining due to the way some wallets generate their seed—specifically, the use of weaker-than-intended randomness during recovery phrase creation. The issue, which Coinspect calls “Ill Bloom,” has been tied to unauthorized fund movements on multiple networks and has already resulted in at least $5 million in drained cryptocurrency, the firm reported.
Coinspect linked the risk to certain software wallets that generate seed phrases using an insecure pseudorandom number generator. The firm says wallets created as far back as 2018 could be affected, and it has released a wallet-checking tool so users can assess whether their addresses appear potentially exposed.
Key takeaways
- Coinspect reports the “Ill Bloom” risk is tied to weak randomness used when generating recovery phrases in some software wallets.
- The affected wallet address scope spans Bitcoin, Ethereum, Polygon, Rootstock, Tron, and Solana, with unauthorized movement tied to wallets generated as early as 2018.
- Coinspect says at least $5 million has been drained from exposed wallets since May 27, with an additional ~$2 million moved on Sunday (as reported by Coinspect).
- Coinspect states evidence suggests hardware-wallet-generated seeds are not affected, while the strongest candidates are users of lesser-known mobile software wallets.
- Coinspect is not publishing active-exploit details, but has released a tool for users to check whether their address is potentially exposed.
What Coinspect says is going wrong
In a disclosure published Sunday, Coinspect described “Ill Bloom” as an exploit path caused by weak randomness—an insecure pseudorandom number generator—used during recovery phrase generation on certain software wallets. In practical terms, if wallet seed generation doesn’t produce enough entropy as intended, attackers may be able to narrow the space of possible mnemonic phrases and systematically target wallets.
Coinspect said the issue may explain cases where funds were moved without permission. The firm also highlighted that the problem has been observed in wallets generated as early as 2018, and that the issue tends to show up more frequently in less prominent mobile software wallets rather than widely adopted products.
Networks involved and how much was stolen
Coinspect said it identified potentially exposed wallets across several networks: Bitcoin, Ethereum, Polygon, Rootstock, Tron, and Solana. In its reporting, the firm warned that the exploit may not be limited to those chains and addresses it has publicly analyzed.
According to Coinspect, data indicates that an attack starting May 27 compromised 431 wallets out of 2,114 vulnerable wallets. That activity resulted in total drained cryptocurrency of $3.1 million. Coinspect further stated that an additional $2 million was moved on Sunday from exposed wallets. While those numbers reflect the subset of wallets the firm analyzed, Coinspect cautioned that there may have been exploits on other networks and additional addresses—meaning the total number of affected wallets could be higher than its initial scope.
Coinspect also did not provide step-by-step information about the active exploit, stating that it is not publishing those details “at this stage.” Instead, it focused on helping users verify exposure and understand the underlying seed-generation weakness.
Hardware wallets vs. software wallets
One of the more consequential distinctions in Coinspect’s disclosure is who it believes is less likely to be affected. Coinspect said it has evidence suggesting that users who generated their seed with a hardware wallet are not impacted by the “Ill Bloom” risk.
Coinspect also argued that “most current software wallets” are likely not vulnerable. However, the strongest candidates, it said, are users who created seed phrases within less widely used mobile software wallets. That framing matters for day-to-day risk management: it suggests that the threat is not uniform across all software wallets, but rather tied to specific implementation choices around how entropy and pseudorandomness are produced during recovery phrase creation.
SlowMist, another security firm, also publicly acknowledged the alert on X on Monday, saying it was closely monitoring the issue reported by Coinspect.
A recurring vulnerability pattern in wallet security
“Ill Bloom” fits into a broader pattern that has appeared before in crypto wallet security: when the entropy or randomness behind seed generation is flawed, attackers can sometimes reduce the effective search space of possible recovery phrases.
In 2023, Ledger’s security team reported that wallet seeds generated using the Trust Wallet browser extension were vulnerable to brute-force attacks. Ledger said the issue came from limitations in how entropy was generated for new addresses, which reduced the total possible mnemonic combinations to roughly four billion—small enough that an attacker could attempt a search in under a day using only a few GPUs. Ledger also noted Trust Wallet patched the bug before funds were stolen.
The following year, another example highlighted by the wider security community involved Libbitcoin Explorer, where a vulnerability led to approximately $900,000 in crypto being stolen through private-key brute-forcing.
Coinspect’s disclosure underscores that even when theft doesn’t immediately occur, weak randomness in seed generation can create long-tail risk for users who created wallets years earlier, especially if those wallets were generated using the same flawed entropy logic.
What users can do now
Coinspect said it has released a wallet-checking tool so users can determine whether their address may be exposed. The immediate takeaway is that checking exposure may be more urgent than simply assuming a wallet is safe based on general brand reputation, since Coinspect’s analysis points to weaker randomness conditions in specific wallet implementations—particularly certain lesser-known mobile software wallets.
Users who notice unauthorized transactions should treat the situation as potentially related to seed-generation weakness, not just normal compromise or phishing. What remains uncertain is the full scale of exposure across all networks and addresses beyond Coinspect’s initial analysis, but the firm’s public tooling suggests that verification is the next practical step for holders.






