Short announcement for a new externally discovered wallet entropy vulnerability.

New Wallet Flaw

The infosec audit company Coinspect Security discovered a new cryptocurrency wallet entropy flaw after attackers recently started exploiting it on-chain to steal funds. The researchers gave it the vulnerability name Ill Bloom.

I’m in contact with the Coinspect researchers to help them analyze the issue and can confirm that this vulnerability is real. It affects a sizeable amount of “modern” BIP39 wallet keys across multiple blockchains.

Coinspect decided to publish their vulnerability disclosure in multiple phases, and more technical information will follow at a later stage.