Coinspect has confirmed one coordinated sweep on May 27 that drained about $3.1 million from 431 wallets, a single-day theft tied to a flaw it calls "Ill Bloom."
The Ill Bloom flaw and how it breaks a seed phrase
Ill Bloom is not a stolen private key or a new exploit in a blockchain protocol. Coinspect says the bug lies in how some wallet software generated its recovery phrase — the 12‑ or 24‑word seed that controls access to funds. Those wallets used a weak random‑number generator when creating the phrase, shrinking the pool of possible seeds to a range an attacker could search. As Coinspect put it, "if funds recently moved without your permission, this vulnerability may be why."
The name comes from the first weak phrase the generator produces, "illness blossom." Coinspect notes this is the same class of failure that has recurred historically: the advisory references earlier weak‑randomness incidents named "Milk Sad" (CVE-2023-39910) and a close cousin that hit the Trust Wallet browser extension (CVE-2023-31290), and the Randstorm flaw reported in 2023.
Coinspect says hardware wallets are not affected, and "most mainstream software wallets are not either." The highest risk sits with older or lesser‑known mobile wallets, including some dating back to 2018.
The May 27 coordinated sweep, by the numbers
Coinspect had traced 2,114 exposed addresses with on‑chain activity across Bitcoin, Ethereum, Rootstock, Tron, and Polygon as of June 30. The May 27 sweep drained roughly $3.1 million from 431 of those addresses; Bitcoin was hit hardest at about $2.57 million, and one Bitcoin address lost more than $1.1 million on its own.
Coinspect identified the event as a coordinated theft because hundreds of previously unrelated wallets sent their balances to the same few collection addresses within hours. Counting subsequent movements from these exposed wallets, more than $5 million has left them since May 27. Coinspect says that figure is a floor: it has mapped only the set of addresses it has discovered so far and expects more. At their 2022 peak, the same set of addresses reconstructs to a value of $12.56 million, although market declines had reduced that figure before the May sweep.
How Coinspect reconstructed the attack and built a watchlist
Coinspect says it rebuilt the attack end to end. Researchers enumerated the full set of phrases the weak generator could produce, derived the wallet addresses those phrases lead to, and then checked public blockchain records for addresses that still held funds. The result is a watchlist of wallets that were "born weak," regardless of which app created them.
A public address alone does not reveal which app produced it, so Coinspect is asking users who match its list to report what wallet software they used. Coinspect also says it has passed findings to vendors and teams that can act on them. The Hacker News has reached out to Coinspect for comment on which wallet apps produced the weak recovery phrases and the scope of the exposed set, and will update its story with any response.
How to check your addresses and what to do if you match
Coinspect operates a free checker at illbloom.org that compares a public wallet address against its list of known‑vulnerable wallets. The checker accepts Bitcoin, Tron, Solana, and "Ethereum‑style" addresses (Ethereum, Polygon, BNB, and other EVM chains). Because one weak phrase can control addresses on multiple chains, Coinspect warns users to check every address tied to the same seed, not just ones already drained.
If your address matches, Coinspect's checklist is explicit:
- Treat the recovery phrase as compromised. Funds are not safe just because they have not moved yet.
- Create a brand‑new wallet with a brand‑new phrase. You should see a fresh set of 12 to 24 words; if an app asks you to type your old phrase you are reopening the weak wallet, not making a new one.
- Move your funds to the new wallet. Reinstalling the old app or importing the same phrase elsewhere changes nothing.
Coinspect warns about rescue scams and emphasizes it "will never ask for seed phrases, private keys, signatures, or approvals, or ask users to send funds to 'recover' or protect a wallet." It adds the broader rule: do not type your recovery phrase, private key, password, or backup file into any site or message, ever. Coinspect also notes a hardware wallet is the safest place to move funds — provided you generate a fresh phrase on the device rather than importing the old one.
What this means for mobile wallet users, wallet vendors, and security teams
- Mobile wallet users: Check every address tied to your seed at illbloom.org. If you match, move funds to a newly generated wallet and never re‑use the old phrase.
- Wallet vendors: Expect outreach from researchers and, potentially, from affected customers; Coinspect says it is passing findings to teams that can act and is asking users to report which apps produced matched addresses.
- Security teams and incident responders: Use the watchlist approach — derive addresses from suspect seed spaces and scan on‑chain for holdings — and treat any match as requiring immediate migration of funds.
Ill Bloom is a repeat of a familiar class of failure: predictable randomness that turns a nominally secure seed into a searchable set. Coinspect's reconstruction and public watchlist give owners a narrow path to safety: confirm, and if you match, move your money to a fresh seed you generated with strong randomness. The open question the advisory leaves on the table — which wallet apps produced these weak phrases — is now one Coinspect is trying to answer with user reports and vendor coordination.




