Ill Bloom recovery-phrase flaw: $5M+ drained from vulnerable wallets
Security firm Coinspect warns that the “Ill Bloom” vulnerability may leave thousands of crypto wallets exposed across Bitcoin, Ethereum, Polygon, Rootstock, Tron and Solana. The issue stems from weak randomness (an insecure pseudorandom generator) used when generating recovery seed phrases in some software wallets.
Coinspect says wallets generated as early as 2018 can be affected, and the problem appears more often in lesser-known mobile software wallets. The firm estimates at least $5 million has been drained from exposed wallets since May 27, though additional chains and addresses could be impacted.
Attack details shared by Coinspect: on May 27, an attack hit 431 wallets out of 2,114 vulnerable wallets, stealing about $3.1 million. Another ~$2 million was moved from exposed wallets on Sunday. Coinspect is not publishing the active exploit method yet, but it released a wallet-checking tool so users can verify whether their address is potentially exposed.
Coinspect also notes that users who generated seed phrases with hardware wallets are not affected, and most current software wallets are also likely safe. The strongest candidates are users who generated seeds in less widely used mobile software wallets.
This follows prior seed/entropy-related incidents, including 2023 brute-force risk in Trust Wallet browser extensions and a Libbitcoin Explorer flaw that led to ~$900,000 in theft.
Bearish
A real “Ill Bloom” seed-phrase weakness plus confirmed multi-million-dollar thefts can temporarily raise risk premiums, especially for users of mobile software wallets. In the short term, traders may see negative sentiment around on-chain security headlines, potentially causing cautious positioning and rotation away from higher operational-risk themes (e.g., non-custodial/mobility-heavy setups). In the long term, if Coinspect’s checking tool and wallet-side mitigations reduce exposure, the market impact may fade—similar to past incidents (e.g., 2023 Trust Wallet and Libbitcoin Explorer) where immediate fear was followed by patches and sentiment stabilization. Net effect is mildly bearish rather than systemic, because Coinspect indicates hardware-wallet-generated seeds and most current software wallets appear unaffected.