• Category: Security
  • Status: confirmed
  • Sources: Ill Bloom disclosure, Cointelegraph
  • Summary: Security firm Coinspect disclosed a vulnerability it calls Ill Bloom in which some software wallets generated recovery phrases with an insecure pseudorandom number generator, letting an attacker reconstruct the seed. Coinspect reports a 2026-05-27 attack drained roughly 3.1 million USD from 431 of about 2,114 identified vulnerable wallets, with at least 5 million USD taken since, spanning Bitcoin, Ethereum, Polygon, Rootstock, Tron, and Solana addresses generated as early as 2018. Hardware-wallet-generated seeds and most current software wallets are reported unaffected. The stated remediation is to generate a new seed and migrate funds, since reimporting the same phrase does not help.
  • Why it matters: It is a concrete production failure of RNG selection in key generation, and importing a compromised seed into another app carries the exposure forward.
  • Follow-up: Watch for the named affected wallet applications and independent confirmation of the RNG defect.

Send feedback on this story