Hacking Bitcoin wallets, or how flawed keys cost people millions
The company Coinspect has discovered a critical vulnerability in seed phrase generation across a number of crypto wallets. The issue primarily affects hot (software) wallets that use a PRNG (pseudo-random number generator) instead of a hardware-based TRNG or a cryptographically secure CSPRNG. This narrows the key space, making brute-force attacks technically feasible.
4 billion combinations for seed phrase brute-forcing
The critical flaw lies not in the phrase length (12 or 24 words), but in the generation method. Generation based on PRNG narrows the possible seed phrase space down to roughly 4 billion combinations. This makes brute-forcing technically viable, unlike hardware-based methods using TRNG/CSPRNG, where the number of combinations runs into numbers with hundreds of zeros.
Recall a specific historical precedent: the Trust Wallet browser extension in 2023, where the same generation flaw left wallets vulnerable until the fix was released.
Which types of crypto wallets are at risk?
All popular hot wallets (MetaMask, Coinbase Wallet, Phantom) are highly unlikely to be affected by this vulnerability. Cold wallets (Ledger, Trezor, Tangem) use TRNG or cryptographically secure PRNG (CSPRNG), which renders them immune to this attack.
At risk are:
- Little-known mobile Web3 wallets.
- Outdated browser extensions that have not undergone security audits.
How to check your wallet?
Coinspect has released a tool where you can enter your wallet's public address (not the seed phrase!).
Verification process:
- Go to illbloom.org.
- Copy your wallet's public address (Bitcoin, Ethereum, Solana, or TRON).
- Paste it into the single input field on the homepage.
- Click the check button so the system can match your address against the database of vulnerable wallets.
Remember, the service never asks for your seed phrase, private keys, or transaction approvals.
The tool shows whether there is suspicion of a weak phrase, but does not offer 100% certainty. The database is still being expanded.
If your address falls into the risk zone, you must immediately create a new wallet with strong entropy and transfer all digital assets to it.
What are the limitations of the Coinspect check?
The tool released by Coinspect does not provide absolute guarantee. If your address is not found in the current database (EVM data set), that does not mean the seed phrase is safe. Absence from the dataset merely indicates that the vulnerability has not yet been identified for that specific address, but it does not rule out the risk.
What role does AI play in exploiting vulnerabilities?
Vulnerabilities that have existed for years become critical threats due to the use of AI. Artificial intelligence dramatically increases the speed of scanning and brute-forcing weakened combinations. This is what turns a theoretical possibility of compromise into a practical attack vector targeting old architectural flaws in generation.
Is there a priority for 24 words over 12?
Although seed phrase length is not a cure-all when generation is poor, when choosing between the standard options, preference naturally goes to the 24-word phrase. It provides significantly greater randomness (entropy) compared to the 12-word phrase. All combinations are generated from the standard BIP39 word list.
How many wallets have been affected?
This security hole has existed for an indecently long time. Hackers have been quietly draining wallets created from September 2018 through July 2026. A full 8 years. The scale of the disaster is impressive, though analysts have so far only revealed the tip of the iceberg.
In the first leaked report, dryly titled Set 1, experts counted 2,114 addresses. The main blow fell on Bitcoin. From BTC wallets, attackers have already drained more than $2.5 million. In total, no less than $5.14 million has been stolen.
Attackers are also actively cleaning out the pockets of users on Ethereum, Solana, and TRON. Polygon and Rootstock also made the list.
As a reminder, in our wallet reviews we honestly cover and examine all their vulnerabilities. We even take hardware wallets apart, like the Ledger Nano Gen5, to see what is inside.
Burner wallets and revoking permissions for protection
The point of a burner wallet is that it is only used for micro-transactions and temporarily. After your desired transactions, you withdraw funds from that burner wallet to a secure cold wallet.
When choosing a wallet, it is also important to consider hidden risks. For instance, the Dcent wallet raises doubts due to its closed source code, while Exodus is only suitable as a burner wallet due to its hot storage model. For security with Tangem, it is critical to activate mandatory card scanning for transactions; otherwise, the device reverts to an insecure hot mode.
If you use DeFi protocols, you are at risk when you grant permissions to protocols from your wallet.
To protect against risks from interacting with external sites, it is recommended to use the Revoke.cash service for revoking smart contract approvals and to use burner wallets. These temporary hot addresses with minimal balances are used for DeFi and airdrops, after which assets are immediately transferred to cold storage.
Q&A
Why is seed phrase generation weak on some wallets?
Weak seed phrases are generated using a PRNG (pseudo-random number generator), which relies solely on mathematical algorithms. This narrows the possible combination space down to ~4 billion, making brute-forcing feasible for scammers. Secure methods (TRNG/CSPRNG) use external physical noise (e.g., light, thermal energy) to provide true unpredictability.
If the Coinspect tool shows that my address is not in the database, can I consider my wallet fully protected?
No. A message saying address not found in the current dataset does not guarantee the security of your seed phrase. The research is still ongoing, and new vulnerable addresses continue to be discovered. This is only an interim check, not a final verdict.
Does seed phrase length (12 or 24 words) affect this vulnerability?
Not directly. The vulnerability depends on the generation method (PRNG vs. TRNG), not on the number of words. However, with proper generation, a 24-word phrase provides significantly greater entropy and is considered a more secure choice than a 12-word phrase.
Why has this old problem become dangerous only now?
Because of AI. Scammers are using artificial intelligence to dramatically accelerate scanning and brute-forcing processes. This allows them to efficiently find and exploit architectural flaws in key generation that have existed for years but were previously too labor-intensive to crack.
