Thousands of crypto wallets across multiple blockchains could be vulnerable due to weak recovery phrase generation.

Thousands of crypto wallets are at risk of being drained due to the use of weaker-than-intended recovery phrases, an exploit that Blockchain security research firm Coinspect has dubbed “Ill Bloom.”

The wallets at risk span Bitcoin, Ethereum, Polygon, Rootstock, Tron and Solana, Coinspect said in a disclosure on Sunday, with the issue related to weak randomness — an insecure pseudorandom number generator — used during recovery phrase generation on certain software wallets.

“If funds recently moved without your permission, this vulnerability may be why,” Coinspect said.

The vulnerability has impacted wallets generated as early as 2018 and more often occurs in lesser-known mobile software wallets. At least $5 million has been drained from exposed wallets since May 27, though there could have been exploits on additional networks and addresses, meaning the number of wallets at risk may be much higher.

A snapshot of one analyzed address set as of June 30. Source: Coinspect

Coinspect said it was not publishing details of the active exploit at this stage, but has released a wallet-checking tool for users to see whether their address is potentially exposed.

“We're closely monitoring the Ill Bloom wallet weak randomness risk alert from Coinspect,” SlowMist posted to X on Monday.

Data shows that an attack on May 27 affected 431 wallets out of 2,114 vulnerable wallets, draining a total of $3.1 million in cryptocurrency. Another $2 million was moved on Sunday from exposed wallets.

The historical sum of stolen amounts per chain in the May 27 attack. Source: Coinspect

“Current evidence tells us that users that generated their seed with a hardware wallet are not affected,” said Coinspect.

“Further research indicates that most current software wallets are also not vulnerable,” it added. “The strongest candidates are users who generated their seed in less widely used mobile software wallets.”

Related: Taiko reopens bridge after $1.7M exploit, says users made whole

This type of vulnerability has emerged several times in the past. In 2023, Ledger's security team discovered that wallet seeds generated by the Trust Wallet browser extension were vulnerable to brute-force attacks.

The flaw resided in the wallet’s entropy generation for new addresses, which limited the total possible mnemonic combinations to roughly four billion and could allow a motivated attacker to run an attack in less than a day with just a few GPUs. Trust Wallet patched the bug before any funds were stolen.

In the same year, a vulnerability in the Libbitcoin Explorer crypto wallet led to $900,000 in crypto being stolen through private key brute forcing.

Magazine: Bitcoin slides to $58K, XRP hits $1 but onchain data promising: Market Moves

Source: https://cointelegraph.com/news/thousands-of-crypto-wallets-at-risk-from-ill-bloom-vulnerability-coinspect?utm_source=rss_feed&utm_medium=rss&utm_campaign=rss_partner_inbound