The blockchain security team at Coinspect has reported a vulnerability known as Ill Bloom affecting crypto wallets. This issue has already resulted in losses of at least $3 million.

Today we are publishing the first Ill Bloom findings: affected-address checker + on-chain analysis to help users identify exposed addresses and protect their assets.
🔗 https://t.co/U0b4f3jtgz
⚠️ We will never ask for seed phrases, private keys, signatures, or approvals, or ask…

— Coinspect Security (@coinspect) July 6, 2026

According to them, Ill Bloom is linked to weak entropy in seed phrase generation, which narrows the range of possible combinations. Attackers can use brute force methods to recover private keys and gain access to users' funds. Confirmed cases have affected wallets across several networks, including:

  • Bitcoin;
  • Ethereum;
  • Polygon;
  • Rootstock;
  • Tron;
  • Solana.

Researchers analyzed a set of 2,114 addresses. Coinspect emphasized that this only represents a portion of potentially affected wallets. As of this writing, the investigation is ongoing, with the SlowMist project also joining in.

— SlowMist (@SlowMist_Team) July 6, 2026

On May 27, experts recorded a coordinated withdrawal of funds from 431 vulnerable wallets, totaling approximately $3.14 million. Specialists described this amount as the "confirmed minimum damage." The majority, around $2.57 million, was in Bitcoin. An additional $285,778 was withdrawn in Ethereum, $177,225 in Rootstock, $80,970 in Tron, and $23,473 in Polygon.

Source: Coinspect.

Coinspect estimates that the vulnerable seed phrase generation mechanism has existed since at least 2018. Users continued to create potentially vulnerable wallets up until recent weeks. The addresses in the study showed activity from September 2018 to May 2026.

Currently, the issue does not affect hardware devices or most popular software solutions. The main risk group consists of lesser-known mobile applications.

Due to the ongoing threat, researchers have not disclosed technical details. Instead, they released a tool for checking addresses and provided information to wallet developers.

Within hours of the warning published on July 4, around $2 million was withdrawn from related addresses. Coinspect suggested that owners may have moved the funds themselves.

As a reminder, in April, experts from Crypto Deep Tech discovered a critical vulnerability in chips for Bitcoin wallets.