headline, Google warns over 200 million iPhone crypto wallets at risk, published at 720pm,
March 20th, 2026. Google just disclosed a vulnerability that targets iPhone crypto wallets
and could have affected an estimated 270 million Apple devices. The dark sword exploit,
which strings together multiple zero-day vulnerabilities, is still live today and affects iPhones
running iOS 18.4 through 18.7. Updates that were released between April and September last year.
Up-to-date Apple devices use iOS 26.3.1. However, because many people don't automatically upgrade,
24% of all iPhones still use iOS 18 according to Apple's own data.
Darksword allows hackers to orchestrate six vulnerabilities together to silently compromise devices,
dump their keychain databases, and vacuum up crypto wallet data. Frequently targeted apps by darksword
hackers include crypto wallets, metamask, phantom, and dozens of others by coinbase, ledger, and more.
Visiting a poisoned website in Safari is all it takes to trigger the attack.
Google's threat intelligence group has observed Russian state-linked hackers,
a Turkish surveillance vendor, and another threat cluster wielding darksword against targets in
Saudi Arabia, Turkey, Malaysia, and Ukraine since at least November 2025.
Read more. Legacy DeFi platforms lose $27 million as hacking spree continues into 2026.
Zero-day access to iPhone crypto wallet files. Darksword isn't a keylogger or clipboard
sniffer. It gains kernel-level access, then injects JavaScript into privileged iOS system
processes to pillage the device. The sinister toolkit hunts specifically for crypto wallet files,
scanning for apps matching terms like metamask, ledger, treasurer, phantom, coinbase,
finance, and kraken. It grabs whatever wallet data it finds. It can also pull the device's key
chain database, which is an Apple system-level storage service for passwords. Darksword can
also access Wi-Fi passwords, iCloud data, Safari cookies, iMessages, WhatsApp histories,
call logs, location histories, photos, and encryption keys protecting stored credentials called
keybags. Read more. Venus Protocol hacker lost $4.7 million after nine months of planning.
All six vulnerabilities have now received patches if an iPhone user upgrades their operating
system. Apple addressed most in iOS 18.7.2 and 18.7.3. However, if their passwords, files,
or crypto wallet data have already been stolen, all of those credentials and personal security
implications would have to be re-secured. This audio is AI-generated. Got a tip?
Send us an email securely via ProtosLeaks. For more informed news and investigations,
follow us on X, Blue Sky, and Google News, or subscribe to our YouTube channel.
