Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Crypto Wallet Flaw ‘Ill Bloom’ Leads to .1 Million Theft

Crypto Wallet Flaw ‘Ill Bloom’ Leads to $3.1 Million Theft

Posted on July 10, 2026 By CWS

In a recent disclosure by the security firm Coinspect, a significant flaw termed ‘Ill Bloom’ has been identified in certain cryptocurrency wallets. This vulnerability, which affects how recovery phrases are generated in some wallet software, has already been exploited by attackers. The flaw arises when recovery phrases are generated with insufficient randomness, allowing unauthorized individuals to potentially access and drain funds from affected wallets.

Massive Theft Linked to Vulnerability

Coinspect confirmed a major breach on May 27, resulting in approximately $3.1 million being siphoned from 431 wallets. Since that initial attack, an additional estimated $2 million has been moved from compromised wallets. The exact division between theft and owners proactively moving their funds remains unclear.

According to Coinspect, “If you have recently noticed unauthorized movement of funds, this vulnerability could be the reason.” The primary threat targets older or lesser-known mobile wallets, particularly those in use since 2018. Most hardware wallets and popular software wallets appear unaffected.

Understanding the Vulnerability

At the core of this issue is the recovery phrase—a sequence of 12 or 24 words that is supposed to be randomly selected from a vast pool, making it nearly impossible to guess. However, the affected wallets used a weak random-number generator, drastically reducing the number of potential phrases. This vulnerability allowed attackers to identify and exploit wallet addresses with weak recovery phrases.

Coinspect has recreated the attack, analyzing the potential phrases these weak generators could produce. Their efforts have resulted in a list of vulnerable wallets, regardless of which app initially generated them.

Preventative Measures for Users

To determine if your wallet is at risk, Coinspect offers a tool at illbloom.org. Users can check their public wallet addresses against a known list of vulnerable addresses. The service supports Bitcoin, Tron, Solana, and Ethereum-style addresses.

If a match is found, it is crucial to treat the recovery phrase as compromised. Users should create a new wallet with a new recovery phrase and transfer their funds immediately. It is important to avoid reusing the compromised phrase or importing it into other applications.

Users are cautioned against scams promising to “rescue” funds. Coinspect emphasizes that genuine services will never request your recovery phrase or private keys.

Historical Context and Future Implications

The ‘Ill Bloom’ flaw is reminiscent of past vulnerabilities, such as the 2023 ‘Milk Sad’ and ‘Randstorm’ incidents, which exposed weaknesses in wallet randomness. These issues underscore the importance of robust random-number generation in wallet security.

The next step involves identifying which wallet applications generated these weak phrases. Coinspect is gathering reports from affected users to inform developers and vendors so appropriate actions can be taken to prevent future vulnerabilities.

The Hacker News Tags:Bitcoin, Blockchain, Coinspect, crypto security, crypto wallets, cryptocurrency theft, Ethereum, Ill Bloom, Polygon, randomness flaw, TRON, wallet vulnerability

Post navigation

Previous Post: NuGet Package Threatens Payment Systems with Data Theft
Next Post: Sophisticated GigaWiper Malware Threatens System Security

Related Posts

Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps Adobe Releases Patch Fixing 254 Vulnerabilities, Closing High-Severity Security Gaps The Hacker News
Why 2026 Will be the Year of Machine-Speed Security Why 2026 Will be the Year of Machine-Speed Security The Hacker News
New SparkCat Malware Targets Crypto Wallets on Mobile Apps New SparkCat Malware Targets Crypto Wallets on Mobile Apps The Hacker News
SEPPMail Vulnerabilities Risk Remote Code Execution SEPPMail Vulnerabilities Risk Remote Code Execution The Hacker News
Spear-Phishing Campaign Targets Uzbekistan and Russia Spear-Phishing Campaign Targets Uzbekistan and Russia The Hacker News
Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • CitrixBleed 2: Swift Path to Ransomware Threat
  • US Cybersecurity Expert Jailed for Assisting Ransomware Group
  • Lumen Technologies Reinvents Exposure Management Strategy
  • Xalgorix AI Tool Revolutionizes Penetration Testing
  • Cyberattacks on Pakistani Police by China, India Hackers

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • CitrixBleed 2: Swift Path to Ransomware Threat
  • US Cybersecurity Expert Jailed for Assisting Ransomware Group
  • Lumen Technologies Reinvents Exposure Management Strategy
  • Xalgorix AI Tool Revolutionizes Penetration Testing
  • Cyberattacks on Pakistani Police by China, India Hackers

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark