iPhone Hit by Critical Vulnerability "DarkSword": Hackers Can Steal Crypto Wallets and Private Keys, Crypto Users Become New Targets

ChainNewsAbmedia

Google recently revealed the DarkSword iOS attack chain, which is more than a typical cybersecurity incident: it could directly threaten the assets of cryptocurrency users. This attack tool, built using multiple zero-day vulnerabilities, has been widely used by commercial spyware vendors and state-sponsored hacking groups, and is capable of fully controlling iPhones and accessing wallets and sensitive data.

As mobile devices increasingly become the main gateway to Web3, high-level iOS attacks like this pose unprecedented risks to crypto users.

What is DarkSword? A multi-vulnerability chain enabling “full intrusion” attacks

According to Google Threat Intelligence Group (GTIG), DarkSword is not a single malicious program but a highly modular iOS attack chain. Attackers leverage a series of vulnerabilities—including zero-days—to break through iPhone security step by step, starting from a user clicking a malicious link.

This “exploit chain” operates by combining different vulnerabilities—initially gaining access, then escalating privileges layer by layer to the system core, ultimately achieving complete control.

Research indicates that DarkSword can bypass iOS’s sandboxing and permission restrictions, allowing hackers to access all device data and functions in a short time.

More than surveillance: crypto wallets and private keys may also be leaked

Unlike traditional spyware, DarkSword’s threat scope has expanded into digital asset territory.

Observed attacks show that attackers can access:

  • Message contents and login credentials
  • Browsing history and authentication info
  • GPS location and device activity
  • Microphone and sensor data
  • Cryptocurrency wallet information and credentials

This means that if users run Web3 wallets or store private keys and seed phrases on their phones, an intrusion could lead to assets being transferred without the user noticing.

Some variants (like GhostKnife) even have remote command execution capabilities, enabling continuous monitoring and opportunistic asset theft.

Industry-Driven Attacks: Spyware companies and hackers sharing tools

Another key feature of DarkSword is its high level of weaponization and commercialization.

Google states that this attack chain has been adopted by multiple organizations, including commercial surveillance firms and suspected state-backed hacker groups. These entities develop different malicious modules based on the same framework, such as GhostSaber, GhostKnife, and others.

This pattern indicates that advanced hacking techniques are shifting from a few national agencies to being commodified as cybersecurity products available for purchase and use by multiple parties.

For the crypto community, this means lower barriers to attack and a significantly expanded potential target pool.

Hundreds of millions of iPhones at risk; Web3 users need to be more vigilant

Estimates suggest that between 220 million and 270 million iPhones could be affected, covering users on specific iOS versions.

Many users delay updating their systems, allowing vulnerabilities to remain exploitable even after patches are released—highlighting the common “patch delay” issue.

Active attacks have been detected in multiple regions, with some spreading via malicious websites or fake pages. Ordinary users may unknowingly fall victim.

For users frequently engaging in DeFi, NFTs, or trading on mobile devices, the risks are even more direct.

Apple has issued patches, but the “wallet risk” remains unresolved

Apple has released security updates addressing the vulnerabilities and blocked some malicious sources. However, cybersecurity experts generally believe the threat has not been fully eliminated.

The reason is that DarkSword-type attacks are highly reproducible and adaptable. Once the techniques leak, they can be re-used by more hackers.

Additionally, the underground market’s demand for exploit tools continues to grow, making such attacks easier to spread.

This article “High-Risk Vulnerability ‘DarkSword’: Hackers Can Steal Crypto Wallets and Private Keys, Making Crypto Users New Targets” first appeared on Chain News ABMedia.
