Skip to content
Security & Trust

Weak Randomness, Not Malware, Drained $3.1M in Crypto

431 wallets, five blockchains, one root cause: recovery phrases generated from a keyspace small enough to brute-force.

· 4 min read
Share on X LinkedIn
Weak Randomness, Not Malware, Drained $3.1M in Crypto

A Predictable Kind of Random

On May 27, attackers executed a coordinated sweep against cryptocurrency wallets whose recovery phrases were never as random as their owners assumed. Security firm Coinspect calls the underlying flaw Ill Bloom: certain wallet applications, some dating back to 2018, generated seed phrases using a random-number generator with a defective keyspace. Instead of drawing from a pool of possibilities large enough to be computationally unsearchable, the affected software produced phrases from a set small enough that an attacker could enumerate the candidates, derive the corresponding wallet addresses, and check each one against public blockchain records. No password was cracked and no server was breached — the phrases were generated with far less entropy than their length implied.

$3.1M from 431 wallets
Coordinated theft, single day
Source: Coinspect vulnerability disclosure, reported by The Hacker News (July 2026)

The $3.1 million swept on May 27 was only the opening event. Coinspect has since traced roughly $2 million in additional unauthorized movements from the same pool of weak addresses, putting total confirmed losses above $5 million. Its research now accounts for 2,114 wallet addresses with confirmed on-chain activity spanning Bitcoin, Ethereum, Rootstock, Tron, and Polygon. Bitcoin-denominated losses make up the largest share, at roughly $2.57 million, including a single address that lost more than $1.1 million. Hardware wallets and most current mainstream software wallets are not implicated — Coinspect’s findings point to a defined cohort of older or lesser-known mobile wallets, and the firm has published a free lookup tool at illbloom.org for holders to check exposed addresses.

2,114 addresses across 5 blockchains
Traced exposure
Source: Coinspect research disclosure (July 2026)

A Recurring Failure Mode, Not a New One

Weak entropy in key generation is a known vulnerability class — CWE-330, insufficient randomness — and Ill Bloom joins a short but consistent list of prior incidents. Milk Sad (CVE-2023-39910) exposed a flawed pseudorandom generator in a widely reused Bitcoin library in 2023. A separate flaw in Trust Wallet’s browser extension (CVE-2023-31290) generated predictable private keys the same year. Coinspect’s data shows the pattern reaching further back: some of the wallets exploited in the May sweep were built on code from 2018, meaning the weakness sat unexploited, or at least unnoticed, for years before attackers began systematically draining it in 2026.

$12.56M (2022)
Peak balance across compromised addresses (not amount stolen)
Source: Coinspect research disclosure (July 2026)

Weak entropy is not unique to crypto wallets. The same class of flaw — CWE-330, insufficient randomness — can compromise session tokens in web applications, API keys, password reset links, and any system that depends on unpredictable values. No vulnerability scanner catches it because the output looks random to any test short of a full cryptographic audit.

The Budget Question

Ill Bloom will not show up in a framework vulnerability scan or a dependency audit — it predates both by design. The wallets involved were not out of date; they were built on flawed randomness from the start, and the defect stayed dormant until Coinspect went looking for it. For any organization with exposure to crypto assets, whether held directly or through a payments vendor, the relevant question this week is not which frameworks are patched but whether the code generating keys and recovery phrases has had an independent entropy review at all.

CVEs in this analysis
CVE-2023-39910 CVE-2023-31290
Share this insight