Weak bloom: a $5M crypto-wallet drain is flowering from a bug nobody planted 🌱
Back to feed

Weak bloom: a $5M crypto-wallet drain is flowering from a bug nobody planted 🌱

Blockchain security firm Coinspect disclosed a vulnerability dubbed "Ill Bloom" on Sunday, warning that thousands of crypto wallets across Bitcoin, Ethereum, Polygon, Rootstock, Tron and Solana remain exposed because their recovery phrases were generated with an insecure pseudorandom number generator. "If funds recently moved without your permission, this vulnerability may be why," Coinspect said. The issue has affected wallets created as early as 2018 and is concentrated in lesser-known mobile software wallets, with hardware-wallet users and most current software wallets not impacted.

At least $5 million has been drained from exposed wallets since May 27, according to Coinspect, which is not yet publishing technical details of the active exploit. Data shared by the firm shows that on May 27, 431 wallets out of 2,114 vulnerable addresses were hit, removing a combined $3.1 million in cryptocurrency. An additional $2 million was moved from exposed wallets on Sunday. Coinspect cautioned that the full scale could be larger, citing additional networks and addresses it has not yet analyzed, with a snapshot taken as of June 30.

The disclosure is the latest in a string of weak-seed incidents across the industry. In 2023, Ledger's security team found that wallet seeds generated by the Trust Wallet browser extension were vulnerable to brute-force attacks because the entropy process limited possible mnemonic combinations to roughly four billion, an effort a motivated attacker could complete in less than a day with a few GPUs; Trust Wallet patched the bug before any funds were stolen. That same year, a vulnerability in Libbitcoin Explorer led to $900,000 in crypto being stolen via private-key brute forcing.

SlowMist said on Monday via X that it is "closely monitoring the Ill Bloom wallet weak randomness risk alert from Coinspect." "Current evidence tells us that users that generated their seed with a hardware wallet are not affected," Coinspect said. "Further research indicates that most current software wallets are also not vulnerable," it added. "The strongest candidates are users who generated their seed in less widely used mobile software wallets."

Coinspect has released a wallet-checking tool so users can determine whether their addresses are exposed. The firm is withholding further technical details of the exploit while vulnerable wallet providers work on remediation.

Mentioned Coins

$BTC$ETH$MATIC$SOL$TRX
Share:
Publishercryptonewsroom.xyz
Published—
CategorySecurity

Disclaimer: This content is for information and entertainment purposes only. It does not constitute financial, investment, legal, or tax advice. Always do your own research and consult with qualified professionals before making any financial decisions.

See our Terms of Service, Privacy Policy, and Editorial Policy.