A Weak Random Number Is Draining Crypto Wallets Made As Far Back As 2018
• July 6, 2026 12:28 pm • CommentsCoinspect has disclosed a wallet vulnerability called Ill Bloom, and the uncomfortable part is where the weakness lives.
The exposed path is recovery-phrase generation, separate from blockchain consensus or a phishing approval request.
The problem sits at the moment certain software wallets generated recovery phrases. If the randomness behind that process was weak, the resulting phrase may be far easier to guess than it was supposed to be.
That can turn an old wallet into a live risk years later.
Today we are publishing the first Ill Bloom findings: affected-address checker + on-chain analysis to help users identify exposed addresses and protect their assets.
🔗 https://t.co/U0b4f3jtgz
⚠️ We will never ask for seed phrases, private keys, signatures, or approvals, or ask…— Coinspect Security (@coinspect) July 6, 2026
Cointelegraph reported on July 6 that thousands of crypto wallets are at risk from the Ill Bloom vulnerability.
The report described the root problem as weak randomness during recovery phrase generation in certain software wallets. It said affected wallets span Bitcoin, Ethereum, Polygon, Rootstock, Tron, and Solana.
Cointelegraph also reported that at least $5 million has been drained from exposed wallets since May 27. The affected wallets included some generated as early as 2018, which makes this a long-tail security problem rather than a bug limited to a brand-new app release.
The story is narrower than a blanket warning against all software wallets. Cointelegraph said the vulnerable cases more often appeared in lesser-known mobile software wallets, while hardware wallets are not shown as affected by the current evidence and most current software wallets are not described as vulnerable.
The official Ill Bloom disclosure names the technical root cause as weak randomness, or insecure PRNG, during recovery phrase generation.
That distinction matters because a recovery phrase can control funds across multiple chains. A wallet may first look suspicious on one network, but the same phrase can also derive addresses on other networks and expose assets there.
The disclosure says the affected-address checker only requires a public address. It also warns users not to enter a recovery phrase, private key, signature, or approval into any checker or site.
The same page cautions that a negative result is not a full safety certificate. It only means the submitted public address was not found in the current dataset, and the dataset may be incomplete while the investigation continues.
The Ill Bloom chain analysis puts hard numbers on one monitored slice of the problem.
As of June 30, the analyzed address set contained 2,114 active addresses across Bitcoin, Ethereum, Tron, Rootstock, and Polygon. The team labeled that set Ill Bloom Exposed Address Set 1 of June 2026.
The May 27 sweep drained 431 accounts for approximately $3,140,968. The analysis breaks that drain across chains, with Bitcoin accounting for about $2.57 million, Ethereum about $285,778, Rootstock about $177,225, Tron about $80,970, and Polygon about $23,473.
The analysis describes those figures as a measured lower bound, not the final size of the incident. It says the dataset is not exhaustive and that additional affected addresses may exist on other networks or be identified as the investigation continues.
We're closely monitoring the Ill Bloom wallet weak randomness risk alert from @coinspect .
Please check whether any of your historical wallet addresses are affected👉 https://t.co/cTRltZCfyB
Thanks to @coinspect for the responsible disclosure. Stay safe! https://t.co/cC6OTxqvpX
— SlowMist (@SlowMist_Team) July 6, 2026
Coinspect also published a broader explainer on why weak seed generation can remain dangerous for years.
The key point is that recovery phrases are permanent secrets. If a phrase was created with weak randomness, updating the wallet app later does not change how that phrase was originally generated.
Coinspect says importing the same recovery phrase into a different app leaves the same weak creation path in place. A safer app can protect newly generated wallets, yet the old phrase still came from the flawed generator.
The explainer says weak seed-generation failures require historical analysis beyond a patch to the latest software version. Developers have to determine whether older versions or generation paths created phrases with insufficient entropy, while users have to treat the phrase itself as the exposed asset if a match is found.
That is why Ill Bloom lands differently from an ordinary wallet bug. A bad approval can be revoked, and a compromised device can be replaced.
A weak recovery phrase follows the wallet wherever that phrase goes, across apps, accounts, networks, and future deposits.
Crypto security often talks about custody as a user choice. Ill Bloom is a reminder that custody also depends on the invisible quality of the randomness that created the keys in the first place.
Join the conversation!
We have no tolerance for comments containing violence, racism, profanity, vulgarity, doxing, or discourteous behavior. If a comment is spam, instead of replying to it please click the icon below and to the right of that comment. Thank you for partnering with us to maintain fruitful conversation.
