Sunday, June 21, 2026

Coinspect Investigates Potential Seed Generation Flaw in Mobile Wallets


Cybersecurity firm Coinspect is investigating a weak seed-generation vulnerability involving a mobile crypto wallet built with JavaScript, React Native and Expo. The affected software has not been publicly named, but Coinspect said the wallet has supported EVM chains, Bitcoin and other networks since 2018.

According to Coinspect, the issue centers on how the wallet generates recovery phrases. If seed generation lacks sufficient entropy, attackers may be able to narrow the search space and compromise funds tied to wallets created through the affected application.

Investigation Focuses on a Specific Mobile Stack

Coinspect said the suspected vulnerability involves a JavaScript, React Native and Expo-based wallet implementation. That stack is commonly used for cross-platform mobile apps, but randomness generation must be handled carefully when recovery phrases or private keys are created.
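The article does not state the root cause, so the following is an added illustration of careful randomness handling, not code from Coinspect or from the unnamed wallet: an entropy source that fails closed when no CSPRNG is present, plus a scan that flags non-cryptographic randomness for manual review. The names `mnemonicEntropy` and `findWeakRandomness` are hypothetical, and the sketch assumes BIP-39 entropy sizes and a runtime that exposes Web Crypto's `getRandomValues`.

```javascript
// Added illustration: names below are hypothetical, not from any wallet's code.
const BIP39_ENTROPY_BITS = [128, 160, 192, 224, 256];

// Return `bits` of entropy for a recovery phrase, or throw. Never fall back
// to a non-cryptographic generator when the platform CSPRNG is missing.
function mnemonicEntropy(bits, cryptoObj = globalThis.crypto) {
  if (!BIP39_ENTROPY_BITS.includes(bits)) {
    throw new RangeError(`unsupported entropy size: ${bits}`);
  }
  if (!cryptoObj || typeof cryptoObj.getRandomValues !== "function") {
    throw new Error("no CSPRNG available; refusing to generate a seed");
  }
  const buf = new Uint8Array(bits / 8);
  cryptoObj.getRandomValues(buf);
  // A stubbed or broken polyfill can return without writing anything.
  if (buf.every((b) => b === 0)) {
    throw new Error("CSPRNG returned all zero bytes; refusing to continue");
  }
  return buf;
}

// Patterns worth a manual look in code paths that create seeds or keys.
const REVIEW_PATTERNS = [
  { name: "Math.random", re: /\bMath\.random\s*\(/ },
  { name: "time-derived value", re: /\bDate\.now\s*\(|\bnew\s+Date\s*\(/ },
];

// Scan source text and report { line, name } for each pattern hit.
function findWeakRandomness(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const { name, re } of REVIEW_PATTERNS) {
      if (re.test(text)) findings.push({ line: i + 1, name });
    }
  });
  return findings;
}

// Constructed sample input, written for this example only.
const SAMPLE_SOURCE = [
  "function makeSeed() {",
  "  const bytes = [];",
  "  for (let i = 0; i < 16; i++) bytes.push(Math.floor(Math.random() * 256));",
  "  return bytes;",
  "}",
].join("\n");

console.log(findWeakRandomness(SAMPLE_SOURCE)); // [ { line: 3, name: 'Math.random' } ]
```

A hit from the scan is a prompt for review rather than proof of a flaw, since both patterns also appear in code that never touches key material.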

The firm’s initial review suggests the issue likely sits in a lesser-used or closed-source wallet, rather than a major industry-standard application. However, Coinspect has not yet released the wallet’s name or a public list of affected and unaffected products.

The warning is especially relevant for smaller or legacy mobile wallets matching the technical profile. Coinspect has urged developers maintaining wallets built with the same stack to contact the firm and verify whether their implementation could be exposed.

The risk is serious because recovery phrases are the root of wallet control. If a phrase was generated with weak randomness, funds could be vulnerable even without phishing, malware or user error.

Structural Wallet Risk Differs From Phishing

The investigation fits into a broader pattern of wallet-security concerns, but this case is different from seed-stealing scams. Fake wallet apps and phishing tools trick users into entering recovery phrases; a weak seed-generation flaw would mean the phrase may have been unsafe from the moment it was created.

That makes the potential issue more difficult for users to evaluate. Without knowing the affected wallet, users cannot easily determine whether their recovery phrase was generated under unsafe conditions.

At present, Coinspect has not disclosed the scale of affected users, the exact software name or the number of compromised wallets. The firm also has not published a final technical report or remediation checklist.

Until more details are available, the safest interpretation is limited but important: Coinspect is investigating a suspected entropy flaw in a mobile wallet implementation, and developers using the relevant stack should verify their code. The next critical update will be the identification of the affected wallet or a clear safe-wallet exclusion list.
