1. X
  2. Coinspect Security
Log inSign up
Coinspect Security
2,082 posts
Image
user avatar
Coinspect Security
@coinspect
You Build. We Defend. Since 2014 protecting critical decentralized systems: L1 nodes, smart contracts audits, wallets, web3 dApps, exchanges, bridges.
coinspect.com
Joined July 2014
774
Following
3,016
Followers
RepliesRepliesMediaMedia

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

TermsยทPrivacyยทCookiesยทAccessibilityยทAds Infoยทยฉ 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • Coinspect Security reposted
    user avatar
    Ben Sigman
    @bensig
    3h
    "ill bloom" attack draining bitcoin wallets generated with low entropy... essentially, it is very common for mobile wallets to use the same "randomness" which leads to vulnerabilities... this is hitting all kinds of crypto-wallets in general
    user avatar
    Coinspect Security
    @coinspect
    Jul 6
    Today we are publishing the first Ill Bloom findings: affected-address checker + on-chain analysis to help users identify exposed addresses and protect their assets. ๐Ÿ”— illbloom.org โš ๏ธ We will never ask for seed phrases, private keys, signatures, or approvals, or ask
    1.8K
  • user avatar
    Coinspect Security
    @coinspect
    Jul 11
    Now TRON, same attacker pattern: Lower balances โ†’ consolidated Higher balances โ†’ unique address per victim Without victim reports, the larger drains could go undetected. If reported blamed on the user, and forgotten. The Ill Bloom research effort lets us identify them.
    Image
    Image
    user avatar
    Coinspect Security
    @coinspect
    Jul 10
    โš ๏ธ Ongoing Ill Bloom-related Bitcoin drain. Funds are moving from lower-balance addresses in the affected set to: bc1phdwxpx7x5z6mkrzppwgqxd4l797w2p6saj39q558wqcgw5766cwsk9rzlf Higher-balance victims are being drained to separate destination addresses. If your address appears
    1.8K
  • user avatar
    Coinspect Security
    @coinspect
    Jul 11
    About 5 BTC stolen yesterday sent to addresses unique to individual victims. Victim source addresses were detectable in the Ill Bloom checker.
    user avatar
    Coinspect Security
    @coinspect
    Jul 10
    โš ๏ธ Ongoing Ill Bloom-related Bitcoin drain. Funds are moving from lower-balance addresses in the affected set to: bc1phdwxpx7x5z6mkrzppwgqxd4l797w2p6saj39q558wqcgw5766cwsk9rzlf Higher-balance victims are being drained to separate destination addresses. If your address appears
    1.5K
  • user avatar
    Coinspect Security
    @coinspect
    Jul 11
    A clear and practical explanation of our ๐Ÿฅ€ Ill Bloom research from @gridinsoft
    Image
    566
    user avatar
    Coinspect Security
    @coinspect
    Jul 11
    Image
    Ill Bloom Wallet Vulnerability: Check Your Address
    From blog.gridinsoft.com
    238
  • user avatar
    Coinspect Security
    @coinspect
    Jul 10
    โš ๏ธ Ongoing Ill Bloom-related Bitcoin drain. Funds are moving from lower-balance addresses in the affected set to: bc1phdwxpx7x5z6mkrzppwgqxd4l797w2p6saj39q558wqcgw5766cwsk9rzlf Higher-balance victims are being drained to separate destination addresses. If your address appears
    5.1K
    user avatar
    Coinspect Security
    @coinspect
    Jul 10
    @SecureTrace_Lab @cryptosc_ @julianor
    440
  • user avatar
    Coinspect Security
    @coinspect
    Jul 10
    Replying to @coinspect
    blockchair.com/bitcoin/addresโ€ฆ
    380
  • user avatar
    Coinspect Security
    @coinspect
    Jul 10
    The May 27 Ill Bloom sweep was not exhaustive. Attackers did not find or drain every vulnerable wallet. Addresses below ~$5 were skipped, while other holding millions were also left untouched. Existing balances and future deposits can still be taken. Check your address now:
    Image
    1.6K
    user avatar
    Coinspect Security
    @coinspect
    Jul 10
    Never share your seed phrase:
    Image
    Ill Bloom: Crypto Wallet Vulnerability
    From illbloom.org
    490
    user avatar
    Coinspect Security
    @coinspect
    Jul 10
    The address in the screenshot is from the "EVM Wallet Drainer 1" victim group publicly tagged since May 28
    402
  • user avatar
    Coinspect Security
    @coinspect
    Jul 10
    Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets thehackernews.com/2026/07/attackโ€ฆ via @TheHackersNews
    Image
    Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets
    From thehackernews.com
    450
  • user avatar
    Coinspect Security
    @coinspect
    Jul 9
    New article just published: how the research team created the Ill Bloom Exposed Address Set 1 On-chain activity filters: * Bitcoin: 1.5 billion addresses * Ethereum: 341M * Tron: 254M * Polygon, Arbitrum, Optimism, Avalanche, Fantom, and Cronos: 190M illbloom.org/articles/ill-bโ€ฆ
    Image
    1.4K
  • user avatar
    Coinspect Security
    @coinspect
    Jul 9
    1/ Wallet developers: most Ill Bloom affected wallet apps we identified so far are React Native / Expo mobile wallets. The risk is old wallet-generation code that used Math.random() variants for BIP39 mnemonic / recovery phrase generation.
    1.3K
    user avatar
    Coinspect Security
    @coinspect
    Jul 9
    Replying to @coinspect
    5/ For React Native wallet developers, this Cossack Labs article is useful background. For wallet generation, the key rule is simple: use platform-native secure randomness, and make sure no fallback path can reach Math.random().
    cossacklabs.com
    React Native libraries: Security considerations | Cossack Labs
    How to select a secure React Native library for your app. Sort out improper platform usage, easy to misuse API, deprecated and abandoned libraries.
    2.1K
    user avatar
    Coinspect Security
    @coinspect
    Jul 9
    ๐Ÿ‘‹@cossacklabs @vixentael @julepka
    281
  • Coinspect Security reposted
    user avatar
    Coinspect Security
    @coinspect
    Jul 9
    1/ Ill Bloom: Millions have already been stolen from weakly generated wallets. Some users are still exposed. We may have a narrow window to reach them before attackers do. That only works if we reach beyond Crypto Twitter. Can we work together to stop the next thefts?
    982
Advertisement
Advertisement