Login
Sign Up
Woofun AI reports that the 'Ill Bloom' vulnerability has compromised thousands of crypto wallets, draining funds from networks including Bitcoin, Ethereum, Polygon, Rootstock, Tron, and Solana. Blockchain security firm Coinspect disclosed the exploit on Sunday, attributing the breaches to weak randomness in recovery phrase generation.
The technical root cause is an insecure pseudorandom number generator used during seed creation. This flaw primarily affects lesser-known mobile software wallets, with some compromised instances dating back to 2018. The predictable nature of the entropy allows attackers to derive private keys from public addresses.
Financial losses have escalated rapidly since the issue was identified. Per Woofun AI, data indicates that $5 million has been stolen since May 27. On that date alone, 431 of 2,114 vulnerable wallets were drained of $3.1 million. An additional $2 million was moved on Sunday, prompting SlowMist to monitor the risk on X on Monday. Coinspect released a wallet-checking tool to help users identify exposure.
Hardware wallets remain unaffected by this specific randomness failure. Current software wallets are also largely secure, with the highest risk concentrated in less widely used mobile applications. This mirrors a 2023 incident where Ledger’s team found Trust Wallet’s browser extension vulnerable to brute-force attacks due to limited entropy. That flaw restricted mnemonic combinations to roughly four billion, enabling GPU-based attacks in under a day.
Trust Wallet patched the bug before any funds were stolen, contrasting with the Libbitcoin Explorer vulnerability later that year which resulted in $900,000 in losses. The recurrence of such entropy weaknesses underscores the critical need for rigorous cryptographic standards in wallet development.