1. X
  2. Coinspect Security
Log inSign up
Coinspect Security
2,080 posts
Image
user avatar
Coinspect Security
@coinspect
You Build. We Defend. Since 2014 protecting critical decentralized systems: L1 nodes, smart contracts audits, wallets, web3 dApps, exchanges, bridges.
coinspect.com
Joined July 2014
774
Following
3,016
Followers
RepliesRepliesMediaMedia

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • user avatar
    Coinspect Security
    @coinspect
    Jul 11
    Now TRON, same attacker pattern: Lower balances → consolidated Higher balances → unique address per victim Without victim reports, the larger drains could go undetected. If reported blamed on the user, and forgotten. The Ill Bloom research effort lets us identify them.
    Image
    Image
    user avatar
    Coinspect Security
    @coinspect
    Jul 10
    ⚠️ Ongoing Ill Bloom-related Bitcoin drain. Funds are moving from lower-balance addresses in the affected set to: bc1phdwxpx7x5z6mkrzppwgqxd4l797w2p6saj39q558wqcgw5766cwsk9rzlf Higher-balance victims are being drained to separate destination addresses. If your address appears
    1.8K
  • user avatar
    Coinspect Security
    @coinspect
    Jul 11
    About 5 BTC stolen yesterday sent to addresses unique to individual victims. Victim source addresses were detectable in the Ill Bloom checker.
    user avatar
    Coinspect Security
    @coinspect
    Jul 10
    ⚠️ Ongoing Ill Bloom-related Bitcoin drain. Funds are moving from lower-balance addresses in the affected set to: bc1phdwxpx7x5z6mkrzppwgqxd4l797w2p6saj39q558wqcgw5766cwsk9rzlf Higher-balance victims are being drained to separate destination addresses. If your address appears
    1.5K
  • user avatar
    Coinspect Security
    @coinspect
    Jul 11
    A clear and practical explanation of our 🥀 Ill Bloom research from @gridinsoft
    Image
    565
    user avatar
    Coinspect Security
    @coinspect
    Jul 11
    Image
    Ill Bloom Wallet Vulnerability: Check Your Address
    From blog.gridinsoft.com
    237
  • user avatar
    Coinspect Security
    @coinspect
    Jul 10
    ⚠️ Ongoing Ill Bloom-related Bitcoin drain. Funds are moving from lower-balance addresses in the affected set to: bc1phdwxpx7x5z6mkrzppwgqxd4l797w2p6saj39q558wqcgw5766cwsk9rzlf Higher-balance victims are being drained to separate destination addresses. If your address appears
    5.1K
    user avatar
    Coinspect Security
    @coinspect
    Jul 10
    @SecureTrace_Lab @cryptosc_ @julianor
    439
  • user avatar
    Coinspect Security
    @coinspect
    Jul 10
    Replying to @coinspect
    blockchair.com/bitcoin/addres…
    379
  • user avatar
    Coinspect Security
    @coinspect
    Jul 10
    The May 27 Ill Bloom sweep was not exhaustive. Attackers did not find or drain every vulnerable wallet. Addresses below ~$5 were skipped, while other holding millions were also left untouched. Existing balances and future deposits can still be taken. Check your address now:
    Image
    1.6K
    user avatar
    Coinspect Security
    @coinspect
    Jul 10
    Never share your seed phrase:
    Image
    Ill Bloom: Crypto Wallet Vulnerability
    From illbloom.org
    490
    user avatar
    Coinspect Security
    @coinspect
    Jul 10
    The address in the screenshot is from the "EVM Wallet Drainer 1" victim group publicly tagged since May 28
    402
  • user avatar
    Coinspect Security
    @coinspect
    Jul 10
    Attackers Exploit 'Ill Bloom' Vulnerability to Drain $3.1 Million From Cryptocurrency Wallets thehackernews.com/2026/07/attack… via @TheHackersNews
    Image
    Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets
    From thehackernews.com
    450
  • user avatar
    Coinspect Security
    @coinspect
    Jul 9
    New article just published: how the research team created the Ill Bloom Exposed Address Set 1 On-chain activity filters: * Bitcoin: 1.5 billion addresses * Ethereum: 341M * Tron: 254M * Polygon, Arbitrum, Optimism, Avalanche, Fantom, and Cronos: 190M illbloom.org/articles/ill-b…
    Image
    1.4K
  • user avatar
    Coinspect Security
    @coinspect
    Jul 9
    1/ Wallet developers: most Ill Bloom affected wallet apps we identified so far are React Native / Expo mobile wallets. The risk is old wallet-generation code that used Math.random() variants for BIP39 mnemonic / recovery phrase generation.
    1.3K
    user avatar
    Coinspect Security
    @coinspect
    Jul 9
    Replying to @coinspect
    5/ For React Native wallet developers, this Cossack Labs article is useful background. For wallet generation, the key rule is simple: use platform-native secure randomness, and make sure no fallback path can reach Math.random().
    Image
    React Native libraries: Security considerations | Cossack Labs
    From cossacklabs.com
    2.1K
    user avatar
    Coinspect Security
    @coinspect
    Jul 9
    👋@cossacklabs @vixentael @julepka
    281
  • Coinspect Security reposted
    user avatar
    Coinspect Security
    @coinspect
    Jul 9
    1/ Ill Bloom: Millions have already been stolen from weakly generated wallets. Some users are still exposed. We may have a narrow window to reach them before attackers do. That only works if we reach beyond Crypto Twitter. Can we work together to stop the next thefts?
    982
  • user avatar
    Coinspect Security
    @coinspect
    Jul 9
    1/ Ill Bloom: Millions have already been stolen from weakly generated wallets. Some users are still exposed. We may have a narrow window to reach them before attackers do. That only works if we reach beyond Crypto Twitter. Can we work together to stop the next thefts?
    982
    user avatar
    Coinspect Security
    @coinspect
    Jul 9
    Replying to @coinspect
    5/ If you are not sure your recovery phrase was created by a major, well-known software or hardware wallet, consider moving funds to a fresh wallet. Ill Bloom will not be the last wallet-generation vulnerability. A weak wallet seed stays weak forever:
    Image
    Why Weak Seed Generation Can Put Crypto Wallets at Risk for Years
    From coinspect.com
    274
    user avatar
    Coinspect Security
    @coinspect
    Jul 9
    6/ Please share this through trusted channels, especially outside English-speaking crypto users. Help us reach users who may still be exposed! Thank you!
    189
Advertisement
Advertisement