Crypto wallets at risk: 'Ill Bloom' flaw drains millions

In the past 48 hours, attackers have exploited a fresh vulnerability in cryptocurrency wallet software to siphon more than $3 million from unsuspecting users. Security researchers at Coinspect have labeled the flaw “Ill Bloom,” a reference to the way some wallets create recovery phrases. Instead of drawing from strong randomness, the software produced predictable sequences, allowing attackers to reverse-engineer the phrase and drain wallets within hours of creation.
How the attack unfolds
The exploit hinges on weak entropy during recovery-phrase generation. When a wallet’s random-number source is predictable—perhaps reusing a system clock or a fixed seed—an attacker can model the output and reconstruct the exact sequence of twelve or twenty-four words. Once the phrase is known, the attacker can import the wallet anywhere and transfer the funds without the owner’s knowledge.
Who is affected and what to do
Coinspect has confirmed at least one large-scale sweep in May, but the flaw may touch any wallet software that relies on low-quality randomness. Users should immediately check whether their wallet provider has issued a patch or a new recovery-tool update. If you generated a wallet phrase on a potentially affected client in the past six months, move your assets to a newly generated, offline wallet and revoke any old addresses.
Why it matters
This incident shows how a single weak link in the key-generation process can collapse the security of millions of dollars. It also underscores the need for open audits of wallet software and user vigilance—because once the phrase is gone, the funds are gone for good. Wallet providers must adopt cryptographically secure randomness and publish verifiable entropy tests; users must treat every recovery phrase as a high-value secret and never reuse it across services.
Source: The Hacker News. AI-assisted editorial synthesis — TechnoExpress.

