Key Takeaways:
Changpeng Zhao (CZ) issued a warning following Google’s discovery of DarkSword, it is a sophisticated iOS exploit that can control IPhones without user interaction.
The malware will target crypto wallets, private keys, and 2FA credentials before it can delete itself to avoid detection.
Users who are running iOS 18.4 through 18.7 are at risk and are urged to update their devices to the latest security patch immediately.
The Discovery of the DarkSword Threat
The cryptocurrency community is on alert after Changpeng Zhao announced a dangerous security threat revealed by the Google Threat Intelligence Group. DarkSword is an advanced piece of malware that is used by state-backed actors and commercial spyware vendors. Researchers discovered that DarkSword will use a chain of six different vulnerabilities, it will include three zero-day flaws to gain full control over an iPhone system. What makes this attack scary is the watering hole strategy. A user needs to visit a compromised website or click a malicious link in Safari to have their device compromised.
A Targeted Attack on Crypto Wealth
Security firms such as Lookout and iVerify have confirmed that the malware is designed to scan devices for cryptocurrency wallet applications. It will attempt to steal sensitive information such as private keys, seed phrases, and login credentials for exchanges such as Binance and Coinbase. It will target two-factor authentication (2FA) data, which will allow hackers to bypass the security layers that users believe it makes them safe. This focus on assets which makes it one of the most scary mobile threats to crypto in recent years.
The Hit-and-Run Tactic
One of the most dangerous aspects of DarkSword is hit-and-run behavior. This malware works fast to gather data within a few minutes instead of staying on the phone for a long time. After it sends the stolen information to the hackers’ servers, it will delete its files from the iPhone’s system. This cleanup process will make it difficult for security tools or the users to notice that a hack took place. This means that their funds could be stolen before they realize their phone was infected.
How to Protect Your Digital Assets
CZ said the importance of basic security to prevent losses. The DarkSword exploit affects iPhones that are running iOS versions 18.4 to 18.7, which were common in late 2025. Apple released security updates, including iOS 26.3. Security recommends that all users update their software immediately. For those who hold amounts of crypto on their mobile devices, enabling Lockdown Mode in the iPhone settings can provide an extra layer of protection.
Read Next: The U.S. Government Released a Plan to Eliminate Cyber Threat