Full Report
Security firm Coinspect has disclosed a crypto wallet flaw it calls Ill Bloom, and attackers are already using it. The flaw is in how some wallet software generated its recovery phrase, the words that control the money. When that phrase is made with weak randomness, an attacker can work it out and take everything it controls. Coinspect has confirmed one coordinated sweep on May
Analysis Summary
# Vulnerability: Ill Bloom (Weak Pseudorandom Number Generation in Crypto Wallets)
## CVE Details
- **CVE ID**: Not yet assigned (The vulnerability is identified by the name "Ill Bloom" in current reporting).
- **CVSS Score**: Estimated 9.8 (Critical) - Based on total loss of funds and network accessibility.
- **CWE**: CWE-330: Use of Insufficiently Random Values.
## Affected Systems
- **Products**: Older or lesser-known mobile cryptocurrency wallets. Hardware wallets (Ledger, Trezor, etc.) and most mainstream "modern" software wallets are confirmed as **not affected**.
- **Versions**: Specific software released as early as 2018.
- **Configurations**: Wallets that used a specific weak random-number generator (RNG) to produce 12 or 24-word recovery phrases (seed phrases).
## Vulnerability Description
The "Ill Bloom" vulnerability stems from a flaw in the wallet software’s entropy generation. When a user creates a new wallet, the software is supposed to generate a recovery phrase from an astronomically large pool of possibilities.
In affected wallets, the software uses a weak or predictable random-number generator. This significantly shrinks the "search space" of possible phrases. By brute-forcing the limited range of phrases this weak generator can produce, attackers can derive the corresponding private keys and public addresses for various blockchains.
## Exploitation
- **Status**: **Exploited in the wild.** A coordinated sweep occurred on May 27, 2026, draining $3.1 million.
- **Complexity**: Low (For attackers with the pre-calculated list of weak keys).
- **Attack Vector**: Network (The attack involves monitoring the public blockchain and moving funds via the compromised keys).
## Impact
- **Confidentiality**: High (Private keys/recovery phrases are exposed).
- **Integrity**: High (Attackers can sign transactions and move any funds residing in the wallet).
- **Availability**: High (Total loss of access to funds once stolen).
## Remediation
### Patches
There is no "patch" for an existing weak phrase. Because the recovery phrase itself is the root of the security, the wallet must be abandoned.
- **Action**: Users must generate a **new recovery phrase** using a known secure wallet (hardware wallets are recommended).
### Workarounds
- **Fund Migration**: Immediately transfer all assets from an affected address to a newly generated wallet address created with a secure RNG.
- **Verification**: Use the checker at `https[:]//illbloom[.]org/` to see if your public address is on the known-vulnerable list.
## Detection
- **Indicators of Compromise**: Unexpected outgoing transactions of the entire balance ("sweeps"); multi-chain draining (e.g., Bitcoin, Ethereum, and Polygon funds all moving simultaneously).
- **Detection Methods**:
- Cross-reference public addresses with the database of known "weak" seeds at the official disclosure site.
- Monitor for unauthorized "dusting" or testing transactions followed by a full sweep.
## References
- **Coinspect Disclosure**: `https[:]//coinspect[.]com/`
- **Official Checker Tool**: `https[:]//illbloom[.]org/`
- **News Source**: `https[:]//thehackernews[.]com/2026/07/attackers-exploit-ill-bloom[.]html`