Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Crypto Wallet Flaw ‘Ill Bloom’ Leads to .1 Million Theft

Crypto Wallet Flaw ‘Ill Bloom’ Leads to $3.1 Million Theft

Posted on July 10, 2026 By CWS

In a recent disclosure by the security firm Coinspect, a significant flaw termed ‘Ill Bloom’ has been identified in certain cryptocurrency wallets. This vulnerability, which affects how recovery phrases are generated in some wallet software, has already been exploited by attackers. The flaw arises when recovery phrases are generated with insufficient randomness, allowing unauthorized individuals to potentially access and drain funds from affected wallets.

Massive Theft Linked to Vulnerability

Coinspect confirmed a major breach on May 27, resulting in approximately $3.1 million being siphoned from 431 wallets. Since that initial attack, an additional estimated $2 million has been moved from compromised wallets. The exact division between theft and owners proactively moving their funds remains unclear.

According to Coinspect, “If you have recently noticed unauthorized movement of funds, this vulnerability could be the reason.” The primary threat targets older or lesser-known mobile wallets, particularly those in use since 2018. Most hardware wallets and popular software wallets appear unaffected.

Understanding the Vulnerability

At the core of this issue is the recovery phrase—a sequence of 12 or 24 words that is supposed to be randomly selected from a vast pool, making it nearly impossible to guess. However, the affected wallets used a weak random-number generator, drastically reducing the number of potential phrases. This vulnerability allowed attackers to identify and exploit wallet addresses with weak recovery phrases.

Coinspect has recreated the attack, analyzing the potential phrases these weak generators could produce. Their efforts have resulted in a list of vulnerable wallets, regardless of which app initially generated them.

Preventative Measures for Users

To determine if your wallet is at risk, Coinspect offers a tool at illbloom.org. Users can check their public wallet addresses against a known list of vulnerable addresses. The service supports Bitcoin, Tron, Solana, and Ethereum-style addresses.

If a match is found, it is crucial to treat the recovery phrase as compromised. Users should create a new wallet with a new recovery phrase and transfer their funds immediately. It is important to avoid reusing the compromised phrase or importing it into other applications.

Users are cautioned against scams promising to “rescue” funds. Coinspect emphasizes that genuine services will never request your recovery phrase or private keys.

Historical Context and Future Implications

The ‘Ill Bloom’ flaw is reminiscent of past vulnerabilities, such as the 2023 ‘Milk Sad’ and ‘Randstorm’ incidents, which exposed weaknesses in wallet randomness. These issues underscore the importance of robust random-number generation in wallet security.

The next step involves identifying which wallet applications generated these weak phrases. Coinspect is gathering reports from affected users to inform developers and vendors so appropriate actions can be taken to prevent future vulnerabilities.

The Hacker News Tags:Bitcoin, Blockchain, Coinspect, crypto security, crypto wallets, cryptocurrency theft, Ethereum, Ill Bloom, Polygon, randomness flaw, TRON, wallet vulnerability

Post navigation

Previous Post: NuGet Package Threatens Payment Systems with Data Theft
Next Post: Sophisticated GigaWiper Malware Threatens System Security

Related Posts

How Threat Hunting Builds Readiness How Threat Hunting Builds Readiness The Hacker News
CISA Alerts on Zimbra, SharePoint Vulnerabilities CISA Alerts on Zimbra, SharePoint Vulnerabilities The Hacker News
Securing AI to Benefit from AI Securing AI to Benefit from AI The Hacker News
Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider The Hacker News
New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module The Hacker News
ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach ConnectWise Hit by Cyberattack; Nation-State Actor Suspected in Targeted Breach The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Windows Shortcuts Exploit PowerShell for Remote Attacks
  • Okta Alerts on Vishing Threat to Microsoft 365 Users
  • New MODBEACON RAT Leverages Encrypted C2 Traffic
  • CitrixBleed 2: Swift Path to Ransomware Threat
  • US Cybersecurity Expert Jailed for Assisting Ransomware Group

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Windows Shortcuts Exploit PowerShell for Remote Attacks
  • Okta Alerts on Vishing Threat to Microsoft 365 Users
  • New MODBEACON RAT Leverages Encrypted C2 Traffic
  • CitrixBleed 2: Swift Path to Ransomware Threat
  • US Cybersecurity Expert Jailed for Assisting Ransomware Group

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark