Coinspect has raised an alarm regarding potentially thousands of cryptocurrency wallets that could be compromised due to inadequate recovery phrase generation. Dubbed the "Ill Bloom" vulnerability, this issue permeates across numerous blockchains, including Bitcoin, Ethereum, Polygon, Rootstock, Tron, and Solana.
Historical Vulnerability Details
The firm indicates that this flaw, a result of weak randomness during wallet creation, has been a concern since 2018. Recent operations have revealed that around $5 million has been transferred from affected wallets, with some of these transactions occurring just this past Sunday.
Users of hardware wallets seem to be unaffected by this issue thus far. However, individuals using lesser-known mobile wallets are at a heightened risk. The core of the problem lies in certain wallets utilizing poor random number generators, leading to seed phrases that make private keys easier to guess.
Potential Impact and Responses
Coinspect stated, "If funds have moved recently without your consent, this vulnerability could be the cause." To assist users, the company has developed a wallet-checking tool that allows individuals to determine if their wallet addresses are in jeopardy.
The investigation revealed that wallets generated as long ago as 2018 continue to show vulnerability, and even new wallets have emerged as recently as a few weeks prior. This suggests that the issue is not confined to a singular wallet app.
In a notable incident on May 27, an attack drained approximately $3.1 million from 431 wallets out of 2,114 assessed vulnerable accounts, followed by an additional $2 million in fresh movements from compromised wallets.
Advice for Users
Coinspect believes the total amount stolen could exceed $5 million, given that their current investigation may not encompass every affected account or blockchain. The situation has also drawn the attention of other security firms, like SlowMist, which are now closely monitoring the Ill Bloom alert and urging users to review older wallet addresses.
Most current software wallets do not appear to show vulnerabilities, but the evidence suggests that users who created their seed phrases using hardware wallets are in a safer position. In contrast, those who used less prominent mobile wallets should be particularly cautious, as they are considered high-risk candidates in this context.
The findings of Coinspect highlight ongoing concerns about wallet security, emphasizing the need for users to remain vigilant against potential threats.


