Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events
No Result
View All Result
Cryip
No Result
View All Result
Home News Security & Hacks

DarkSword iOS Exploit Targets Crypto Wallets, Google Warns Millions at Risk

A sophisticated zero-click exploit chain targets millions of iOS devices, silently stealing crypto assets through critical zero-day vulnerabilities.

Saravana Kumar Mahendran by Saravana Kumar Mahendran
March 21, 2026
in Security & Hacks
0 0
DarkSword iOS Exploit
Share on FacebookShare on Twitter
MakeCryipCryippreferred onGoogle

Google Threat Intelligence has identified DarkSword, a complete iOS exploit chain that deploys six zero-day vulnerabilities to seize full device control on iPhones running iOS 18.4 through 18.7. Users face compromise without installing any app or clicking links beyond simply visiting a compromised website, enabling attackers to extract private keys and credentials from major crypto platforms before self-erasing traces. The campaign, active since November 2025, ties to espionage and surveillance entities and has prompted Apple patches in the latest builds. Security firms urge immediate updates amid confirmed large-scale deployment.

DarkSword iOS Exploit
DarkSword iOS Exploit

DarkSword Chain Revealed

Google Threat Intelligence Group, working alongside iVerify and Lookout, detailed how the JavaScript-based kit fingerprints devices via malicious iframes on watering-hole sites before chaining exploits that escape the Safari sandbox, achieve kernel privileges, and load payloads into system processes like configd and Springboard. The chain specifically enumerates and harvests data from Coinbase, Binance, Kraken, KuCoin, OKX, MEXC, Ledger, Trezor, MetaMask, Exodus, Uniswap, Phantom, and Gnosis Safe, along with passwords and account details, all within minutes in a hit-and-run operation. iVerify analysis estimates 14.2 percent of iOS users, roughly 221 million devices, on vulnerable builds remain exposed pending updates, with the kit last modified in December 2025 and sharing infrastructure patterns with prior kits like Coruna.

Crypto Theft Alarms

The operation blends espionage with clear financial motives, as payloads rapidly stage and exfiltrate wallet contents before cleanup, leaving victims unaware until funds vanish. Ledger CTO Charles Guillemet explicitly warned the exploit “is already deployed at scale,” highlighting risks for hardware and software wallet holders alike. Lookout researchers noted the stealth surpasses typical malware by injecting directly into privileged services and leveraging potential AI-assisted code, while Google added delivery domains to Safe Browsing lists. This follows broader security efforts by Google, including recent fixes to critical browser vulnerabilities. Unpatched users in targeted regions face immediate credential and asset loss, reinforcing calls for Lockdown Mode activation where full updates prove impossible and underscoring the shift toward mass exploitation of mobile crypto holdings.

Critical Incident Facts

  • iVerify projects up to 270 million broader iOS 18 devices potentially susceptible before accounting for partial fixes in 18.7.x branches.
  • Key zero-day CVE-2026-20700 (dyld PAC bypass) and companion flaws like CVE-2025-14174 were reported to Apple in late 2025 and fully closed in iOS 26.3.1 alongside 18.7.6.
  • Threat clusters include UNC6353 deploying GHOSTBLADE against Ukrainian targets and PARS Defense customers using GHOSTSABER variants regionally.
  • Recommendation remains updating to the newest iOS builds or enabling Lockdown Mode, as Google has integrated protections and collaborated on IOC sharing.
Disclaimer: Cryip is an independent media and research outlet providing news, data, and analysis on the cryptocurrency industry. Content is for informational and research purposes only and does not constitute financial, legal, tax, or investment advice. Cryptocurrency markets are volatile and past performance is not indicative of future results. References to specific assets, platforms, or incidents are for journalistic purposes only and do not imply endorsement, and readers assume full responsibility for their decisions.

Related Story

Ledger Researchers Disclose Tangem Card Flaw

Ledger Researchers Reveal Laser Flaw in Tangem Cards as Firm Downplays User Risk

July 10, 2026
Hackers Target Injective Wallet Keys Through Compromised npm Package

Malicious Injective SDK Package Targets Private Keys and Seed Phrases

July 10, 2026
Tags: crypto securityGoogle

Related Posts

Ledger Researchers Disclose Tangem Card Flaw
Security & Hacks

Ledger Researchers Reveal Laser Flaw in Tangem Cards as Firm Downplays User Risk

by Saravana Kumar Mahendran
July 10, 2026

Ledger’s security research unit has disclosed a physical attack that can reset the password on a Tangem hardware wallet card,...

Read moreDetails
Hackers Target Injective Wallet Keys Through Compromised npm Package

Malicious Injective SDK Package Targets Private Keys and Seed Phrases

July 10, 2026
Google Expands Chrome Web Store Rules for Prediction Markets

Google Expands Chrome Web Store Rules for Prediction Markets

July 8, 2026
Secret Network Proposes SCRT Move to Arbitrum as AI Exploit Risks Reshape Security Priorities

Secret Network Proposes SCRT Move to Arbitrum as AI Exploit Risks Reshape Security Priorities

July 8, 2026
TRON Introduces Quantum-Safe Signatures

TRON Introduces Quantum-Safe Signatures Across Nile Testnet

July 3, 2026
Taiko Bridge Reopens After $1.7 Million Hack, Restores Cross-Chain Operation

Taiko Bridge Reopens After $1.7 Million Hack, Restores Cross-Chain Operations

July 2, 2026
Microsoft Uncovers Crypto Malware That Spreads Like a Worm and Hides Behind Tor

Microsoft Warns of CryptoBandits Malware Using USB Worm Tactics and Tor Network

June 19, 2026
Next Post
Hong Kong Crypto Scam

Hong Kong Crypto Scam: Retiree Loses HK$6.6 Million in Multi-Stage Fraud

Bitcoin for Corporations 2026 Wynn Las Vegas

Michael Saylor "The Orange March Continues" Hints at More Strategy Bitcoin Purchases

Recommended

  • All
  • News
Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin's Biggest Long-Term Risks

Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin’s Biggest Long-Term Risks

July 11, 2026
Vitalik Buterin Urges Elon Musk to Transform X Into a Platform for AI Governance

Vitalik Buterin Urges Elon Musk to Transform X Into a Platform for AI Governance

July 11, 2026
Ethereum Uses Just 7.87 GWh of Electricity Annually After The Merge, Cambridge Study Finds

Ethereum Uses Just 7.87 GWh of Electricity Annually After The Merge, Cambridge Study Finds

July 11, 2026
DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

July 11, 2026
DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

DOJ Moves to End BitClub Founder’s $722 Million Crypto Fraud Case

July 11, 2026
AI Agents Now Have a New Internet Court to Settle Disputes

AI Agents Now Have a New Internet Court to Settle Disputes

July 10, 2026
Ledger Researchers Disclose Tangem Card Flaw

Ledger Researchers Reveal Laser Flaw in Tangem Cards as Firm Downplays User Risk

July 10, 2026
Circle Receives Final OCC Approval to Launch National Trust Bank

Circle Wins Federal Approval to Launch Regulated Digital Asset Trust Bank

July 10, 2026

Cryip focuses on crypto research and on-chain analysis, supported by coverage of markets, regulation, security events, and blockchain ecosystems.

Recent Posts

  • BingX launches the BingX Visa Debit Card, bridging digital assets and everyday payments
  • Bonzo Lend Oracle Exploit Triggers Cross-Chain Fund Transfers on Hedera
  • Former Meta Engineer Says Quantum Computing and Miner Incentives Are Bitcoin’s Biggest Long-Term Risks

Categories

  • AI × Crypto
  • Data & Dashboards
  • DeFi Basics
  • Investing Basics
  • Market & Price
  • Market Updates
  • On-Chain Analysis
  • OpSec
  • Policy & Regulation
  • Post Mortems
  • Press Release
  • Reports
  • Scams & Fraud
  • Security & Hacks
  • Stablecoins
  • Tokenomics
  • VC & Funding
  • Wallets & Custody

Company

  • About Us
  • Contact Us
  • Editorial Standards & Integrity
  • Our Team
  • Privacy Policy
  • Review Methodology
  • Terms and Conditions
  • Trust, Disclosures & Independence

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • Home
  • News
  • Research & Analysis
  • Reviews & Comparisons
  • Learn Crypto
  • Features
  • Events

© 2026 Cryip - Research-Driven Crypto Analysis & News by Hashlays.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.