Google Warning: 270 Million iPhone Encrypted Wallets Threatened by DarkSword, Immediate Upgrade Required to Protect Bitcoin and Ethereum Assets

Gate News: On March 23, Google disclosed a serious vulnerability targeting iPhone encrypted wallets, estimated to have affected approximately 270 million Apple devices. The vulnerability, named DarkSword, incorporates six zero-day exploits and mainly impacts devices running iOS 18.4 to 18.7, which were released between April and September of last year. According to official Apple data, about 24% of iPhones have not yet upgraded to the latest system, facing potential attack risks.

DarkSword allows hackers to infiltrate devices without user awareness, gain kernel-level permissions, and inject JavaScript into iOS privileged processes to steal encrypted wallet data. Affected applications include MetaMask, Phantom, Ledger, and others. It can also access keychain databases, WiFi passwords, iCloud data, Safari cookies, iMessage, WhatsApp chats, call logs, location history, photos, and encryption keys. The attack is triggered simply when users visit malicious websites in Safari.

Google Threat Intelligence team states that since November 2025, DarkSword has been used by threat groups linked to Russia, Turkish surveillance device vendors, and others to target Saudi Arabia, Turkey, Malaysia, and Ukraine. The toolkit specifically searches for apps containing keywords like “metamask,” “ledger,” “trezor,” “phantom,” focusing on crypto asset files.

Apple has patched most of the vulnerabilities in iOS 18.7.2 and 18.7.3, but users who have not upgraded still face risks. For those whose passwords or encrypted wallet data have been stolen, it is essential to change credentials and take additional security measures to prevent personal assets and privacy from being compromised. Experts recommend users immediately update to the latest iOS version and enable system security protections to ensure the safety of Bitcoin, Ethereum, Dogecoin, and other crypto assets.