Coinspect security research

Ill Bloom: Crypto Wallet Vulnerability

We investigated a recent wallet drain incident and our analysis identified additional wallet addresses affected by the same root cause: weak recovery phrases. Current evidence indicates that the issue affects a limited set of wallet addresses generated under specific conditions. (see FAQ). However, if funds recently moved without your permission, this vulnerability may be why.

Use this checker to see whether a public wallet address appears in a dataset of known vulnerable addresses with balances. If there is a match, the checker will show next steps.

Is my wallet exposed?

The checker only needs a public wallet address. Do not enter any secret. Your address is not sent anywhere.

About ill bloom

Ill Bloom is the name we use for this actively exploited wallet-generation vulnerability.

We reproduced the attack end to end: we identified the root cause, generated the addresses that vulnerable recovery phrases could produce, and checked which ones still had funds using public blockchain data.

This checker compares your public address against a dataset of known vulnerable funded addresses identified during that analysis.

If your address matches, help us identify which wallet generated the vulnerable recovery phrase. Your contribution helps us pinpoint affected software, notify vendors, and protect other users.

Only enter wallet addresses. NEVER enter your recovery phrase, seed phrase, mnemonic, private key, password, or wallet backup file.

Research

FAQ

Who is affected?

Current evidence tells us that users that generated their seed with a hardware wallet are not affected. Further research indicates that most current software wallets are also not vulnerable. The strongest candidates are users who generated their seed in less widely used mobile software wallets.

When did this get exploited on-chain?

The first confirmed on-chain evidence we identified dates back to May 27, 2026. Earlier exploitation may exist.

What is the root cause of this issue?

The issue is related to weak randomness (insecure PRNG) used during recovery phrase generation, resulting in recovery phrases with less cryptographic strength than expected.

What should I do if my address matches?

If your address matches, funds controlled by the same recovery phrase are at risk. The safest remediation is to create a new wallet with a new recovery phrase and migrate your funds to addresses from that new wallet. Updating an app or importing the same recovery phrase into another app does not make your funds safe.

How do I know I created a new wallet?

You should be shown a new set of 12 to 24 words. If you are asked to enter your existing recovery phrase, seed phrase, or backup phrase, you are restoring the old wallet, not creating a new one.

Does a negative result mean my wallet is safe?

No. A negative result only means the address was not found in the Ill Bloom address sets. The address sets are not exhaustive, and additional address sets may be added as the research progresses.

Which chains are affected?

A vulnerable recovery phrase can put funds at risk across multiple chains. The risk is not limited to the chain where suspicious activity was first seen. Affected users hold portfolios spread across Bitcoin, Ethereum, Tron, Solana, BNB Chain, Polygon, Monad, Arbitrum, Gnosis, Optimism, Base, Avax, Linea, and HyperEVM.

Why can't you name every vulnerable wallet app?

A public address does not reveal which wallet app originally generated it. The Ill Bloom address sets identify affected recovery phrases and their derived addresses, not the software that created them. If your address matches, sharing which wallet app you used can help identify affected software, notify vendors, and protect other users.

Why don't you publish more technical details?

We are following a staged disclosure process. We are sharing information with teams that can use it to protect users, while avoiding details that could make exploitation easier.

How can I choose a wallet to migrate my funds to?

Consider using a hardware wallet or visit our Wallet Security Ranking to compare software wallet apps.

Why is it called Ill Bloom?

Ill Bloom comes from a wordplay on the first recovery phrase produced by the vulnerable PRNG, which begins with "illness blossom."

Have similar incidents occurred in the past?

Yes. Previous cases, including Milk Sad and a Trust Wallet browser extension issue, involved vulnerable wallets caused by weak randomness.

How can I get updates?

Follow @coinspect, where we will be posting updates.

Who are you?

Coinspect is a security research and auditing firm that has been working in the blockchain space for more than 12 years.