Thousands of crypto wallets at risk from ‘Ill Bloom’ vulnerability: Coinspect

Summary

Coinspect disclosed “Ill Bloom,” a weak-randomness flaw affecting recovery phrase generation in some software wallets across Bitcoin, Ethereum, Polygon, Rootstock, Tron, and Solana. The issue stems from an insecure pseudorandom number generator, making some seed phrases easier to brute-force. Wallets generated as early as 2018 may be vulnerable, especially lesser-known mobile wallets. Coinspect says hardware-wallet-generated seeds are not affected, and most current software wallets are likely safe. At least $5 million has already been drained from exposed wallets since May 27, including $3.1 million from 431 of 2,114 vulnerable wallets in one attack and another $2 million moved on Sunday. Coinspect has not published exploit details but released a tool for users to check exposure. The flaw echoes past wallet-seed entropy bugs that enabled similar thefts.