Short announcement for a new externally discovered wallet entropy vulnerability.
New Wallet Flaw
The infosec audit company Coinspect Security discovered a new cryptocurrency wallet entropy flaw after attackers recently started exploiting it on-chain to steal funds. The researchers gave it the vulnerability name Ill Bloom.
- Twitter announcement - see account for more information
- First overview post with initial statistics and analysis
- Vulnerability page with lookup service for affected wallet addresses and FAQ
- The first big coordinated theft event happened on 2026-05-27.
I’m in contact with the Coinspect researchers to help them analyze the issue and can confirm that this vulnerability is real. It affects a sizeable amount of “modern” BIP39 wallet keys across multiple blockchains.
Coinspect decided to publish their vulnerability disclosure in multiple phases, and more technical information will follow at a later stage.