A critical flaw in the random number generation used by certain cryptocurrency wallet applications has enabled attackers to steal approximately $3.1 million in digital assets. Security researchers at Coinspect have named the vulnerability "Ill Bloom," and confirmed that active exploitation has already occurred.

The vulnerability corrupts a foundational security process: the creation of a wallet's recovery phrase. When wallet software uses insufficient entropy (randomness) to generate this mnemonic phrase, the resulting list of words is weak and predictable. Attackers aware of this flaw can algorithmically guess the correct phrase, gaining full control over the associated funds. Coinspect has verified at least one coordinated sweep of assets on May 27 using this method.

A crucial and alarming aspect of "Ill Bloom" is its permanence. Once a vulnerable recovery phrase is created, the generated keys are irrevocably weak. Updating or patching the wallet software does not secure those existing keys; the funds must be migrated to a new wallet created with a trustworthy, verified tool. This makes prompt action essential for all users of affected software.

In line with responsible disclosure protocols, Coinspect has deliberately withheld the names of the vulnerable wallet applications. This strategy aims to create a protective window for users to move their assets before attackers can systematically target the entire population of compromised keys. The firm has advised users to monitor its channels for official notifications on which specific products are impacted.

The incident is a stark reminder that in self-custodied cryptocurrency, security is dictated by software integrity. The root cause here is not a user mistake, but a flawed implementation of cryptographic standards like BIP-39. It underscores that mere compliance with a protocol is meaningless without flawless execution. For the industry, it highlights the urgent need for rigorous, independent audits of entropy sources and key generation libraries in wallet software.


某些加密貨幣錢包應用程式所使用的隨機數生成機制存在一個關鍵缺陷,使得攻擊者得以竊取價值約310萬美元的數碼資產。 Coinspect的安全研究人員將此漏洞命名為「病態綻放」,並證實已有攻擊者正在利用此漏洞進行惡意活動。

此漏洞破壞了核心安全流程:錢包恢復助記詞的生成過程。當錢包軟件使用熵值(隨機性)不足的方式生成助記詞時,產生的單字列表便變得薄弱且可預測。攻擊者一旦察覺此漏洞,即可透過算法推算出正確的助記詞,從而完全控制相關資金。 Coinspect已證實至少有一宗於5月27日利用此手法進行的協同資產轉移事件。

「病態綻放」漏洞一個至關重要的特點在於其永久性。一旦生成了存在漏洞的恢復助記詞,所產生的密鑰將不可逆轉地陷入弱化狀態。即使更新或修補錢包軟件,也無法保障這些現有密鑰的安全;相關資金必須轉移至透過可信、已驗證工具所建立的新錢包。因此,受影響軟件的所有用戶都必須立即採取行動。

依照負責任披露協議,Coinspect刻意隱瞞了存在漏洞的錢包應用程式名稱。此策略旨在為用戶爭取保護窗口,以便在攻擊者系統性地鎖定全部受損密鑰群體之前,及時轉移資產。該公司建議用戶留意其官方渠道,以獲取關於具體受影響產品的正式通知。

此次事件是一個嚴峻的警示:在自託管加密貨幣環境中,安全性取決於軟件的完整度。問題根源並非用戶操作失誤,而是如BIP-39等加密標準的實作存在缺陷。這突顯出僅僅符合協議規範是毫無意義的,若執行過程未臻完美,安全性便無從談起。對整個產業而言,此事彰顯了對錢包軟件中熵源及密鑰生成函式庫進行嚴格、獨立審計的迫切需求。

新聞來源 / Original News Source