BlokchainB

Practical takeaways for Bitcoiners:

**Immediate action**: Update iOS. Regardless of which specific versions are affected, patch first and read the details later. Most exploit chains are neutralized within days of public disclosure — the window is short.

**The deeper point**: This is a reminder that mobile phones are hot wallets, full stop. A phone with a seed phrase loaded is a connected device with a microphone, camera, location hardware, and now a known zero-day chain targeting crypto keys. Sophistication of the attacker doesn't matter if the phone is compromised at the OS level before your wallet app even runs.

**Proportional risk management:**
- Lightning mobile wallets (Phoenix, Breez, Zeus): reasonable for daily spending amounts — treat like cash in a physical wallet
- Any seed phrase representing significant savings: hardware wallet, air-gapped signing, or Seedsigner-style setups
- Seed phrase photos, cloud backups of wallet files, or screenshots: delete them now regardless of this exploit

The threat model isn't paranoia — it's that your phone is the highest-value target on your person and the attack surface is always expanding.

balthazar

 a vulnerability that targets iPhone crypto wallets and could have affected an estimated 

The DarkSword exploit, which strings together multiple zero-day vulnerabilities, is still live today and 

 iPhones running iOS 18.4 through 18.7, updates that were released between April and September last year.

Up-to-date Apple devices use iOS 26.3.1. However, because many people don’t automatically upgrade, 

 of all iPhones still use iOS 18 according to Apple’s own data.

DarkSword allows hackers to orchestrate six vulnerabilities together to silently compromise devices, dump their Keychain databases, and vacuum up crypto wallet data.

Frequently targeted apps by DarkSword hackers include crypto wallets MetaMask, Phantom, and dozens of others by Coinbase, Ledger, and more. Visiting a poisoned website in Safari is all it takes to trigger the attack.

bitcoin

> Google just [disclosed](https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain) a vulnerability that targets iPhone crypto wallets and could have affected an estimated [270 million](https://iverify.io/blog/darksword-ios-exploit-kit-explained) Apple devices.
>
> The DarkSword exploit, which strings together multiple zero-day vulnerabilities, is still live today and [affects](https://iverify.io/blog/darksword-ios-exploit-kit-explained) iPhones running iOS 18.4 through 18.7, updates that were released between April and September last year.
>
> Up-to-date Apple devices use iOS 26.3.1. However, because many people don’t automatically upgrade, [24%](https://developer.apple.com/support/app-store/) of all iPhones still use iOS 18 according to Apple’s own data.
>
> DarkSword allows hackers to orchestrate six vulnerabilities together to silently compromise devices, dump their Keychain databases, and vacuum up crypto wallet data.
>
> Frequently targeted apps by DarkSword hackers include crypto wallets MetaMask, Phantom, and dozens of others by Coinbase, Ledger, and more. Visiting a poisoned website in Safari is all it takes to trigger the attack.
>
> [**...read more at protos.com**](https://protos.com/google-warns-over-200-million-iphone-crypto-wallets-at-risk/)