The 270 Million iPhone Crypto Heist: How DarkSword's Hit-and-Run Exploit Kit Drains Wallets in Under 60 Seconds
On March 18, 2026, researchers from iVerify, Lookout, and Google published coordinated disclosure of DarkSword — a sophisticated iOS exploit chain that can fully compromise an iPhone, extract every cryptocurrency wallet on the device, and erase all traces of itself in under 60 seconds. No app install required. No user interaction beyond visiting a compromised website.
An estimated 270 million iPhones running iOS 18.4 through 18.6.2 are vulnerable. The exploit specifically targets crypto wallets including MetaMask, Phantom, Coinbase Wallet, Ledger Live, Exodus, Uniswap, and Gnosis Safe — alongside exchange apps like Binance, Kraken, KuCoin, OKX, and MEXC.
This isn't theoretical. DarkSword has been observed in active campaigns against targets in Ukraine, Saudi Arabia, Turkey, and Malaysia. Google attributes it to UNC6353, a Russian-backed group, along with UNC6748 and Turkish commercial surveillance vendor PARS Defense.
How the Kill Chain Works
DarkSword is the second "mass" iOS exploit kit discovered in March 2026, following the Coruna kit disclosed two weeks earlier. Both share infrastructure but were built by different teams — evidence of a growing secondary market for mobile exploit kits.
The attack chain is entirely JavaScript-based, with no binary implants:
Stage 1: Watering Hole
└─ Victim visits compromised legitimate website
└─ Invisible iframe loads rce_loader.js from C2
Stage 2: Device Fingerprinting
└─ rce_loader.js checks iOS version (18.4 - 18.6.2)
└─ Routes to version-specific exploit modules
└─ Non-matching devices are ignored
Stage 3: Safari WebKit Exploit
└─ JIT vulnerability in Safari's JavaScript engine
└─ Achieves code execution in WebContent process
└─ Offsets hardcoded for iPhone Xs through iPhone 16
Stage 4: Sandbox Escape
└─ Two-stage escape via WebGPU pivot
└─ Injects into mediaplaybackd daemon
└─ Achieves out-of-sandbox code execution
Stage 5: Kernel Privilege Escalation
└─ pe_main.js crafts kernel read/write primitives
└─ Modifies sandbox restrictions
└─ Gains access to restricted filesystem
Stage 6: Data Extraction
└─ Injects JavaScript payloads into privileged services:
• configd — network configuration & passwords
• wifid — WiFi credentials
• securityd — Keychain items (wallet seeds, passwords)
• UserEventAgent — user activity data
Stage 7: Exfiltration & Cleanup
└─ Final payload injected into Springboard
└─ Stages and exfiltrates: crypto wallets, passwords,
SMS/iMessage, photos, iCloud data, Safari history
└─ Deletes all created files
└─ Process exits cleanly — no persistence
The entire attack — from page load to data exfiltration to cleanup — completes in seconds to minutes. No persistence. No ongoing surveillance. Hit and run.
Why This Is a DeFi Emergency
DarkSword isn't just another spyware tool. Its crypto-specific targeting reveals a deliberate financial motivation that should alarm every DeFi user and protocol team:
What Gets Stolen
Crypto Wallets Targeted:
├─ MetaMask ├─ Phantom (Solana)
├─ Coinbase Wallet ├─ Exodus
├─ Ledger Live ├─ Trezor Suite
├─ Uniswap Wallet ├─ Gnosis Safe
└─ Trust Wallet └─ Rainbow
Exchange Apps Targeted:
├─ Binance ├─ Coinbase ├─ Kraken
├─ KuCoin ├─ OKX ├─ MEXC
└─ Bybit └─ Gate.io └─ Bitget
Exfiltrated Data:
├─ Keychain entries (seed phrases, private keys, passwords)
├─ App-specific storage (wallet databases)
├─ Safari cookies & sessions (exchange sessions)
├─ iCloud Keychain sync data
└─ Notes app (where many users store recovery phrases)
The Kill Chain for DeFi Users
Once DarkSword extracts wallet data, the attacker has everything needed for total account takeover:
- Seed phrase extraction → Full wallet control across all chains
- Exchange session theft → Withdraw from CEX accounts before 2FA triggers
- Password harvest → Access email accounts to reset exchange passwords
- Approval exploitation → Use existing token approvals to drain DeFi positions
- Cross-chain sweep → Automated draining scripts hit all chains simultaneously
The "hit and run" nature makes this particularly devastating: by the time you notice anything wrong, DarkSword has already cleaned up and the attacker has your keys.
The Secondary Exploit Market Problem
What makes DarkSword especially concerning for the DeFi ecosystem is what it reveals about the commoditization of mobile exploits:
- DarkSword and Coruna share infrastructure but were built by different teams — indicating exploit trading or resale
- LLM-generated code was found in both kits — the server-side component of DarkSword contains telltale signs of AI-generated code with detailed notes
- No obfuscation — the JavaScript retained original variable names and comments, suggesting the deployers bought the kit rather than building it
- Multi-actor deployment — Google observed DarkSword being used by at least three different threat actors (UNC6353, UNC6748, PARS Defense)
This means the next DarkSword variant could be deployed by any financially motivated group willing to pay for it. The barrier to entry for iOS zero-day exploitation has dropped from nation-state budgets to organized crime budgets.
Defense Architecture for DeFi Users and Teams
Layer 1: Device-Level Hardening
#!/bin/bash
# iOS version check - ensure devices are on patched versions
# iOS 18.7.3+ or iOS 26.3+ are NOT vulnerable
# Critical: These iOS versions are VULNERABLE to DarkSword:
VULNERABLE_VERSIONS=(
"18.4" "18.4.1" "18.4.2"
"18.5" "18.5.1" "18.5.2"
"18.6" "18.6.1" "18.6.2"
)
echo "=== DarkSword Vulnerability Check ==="
echo "Vulnerable iOS versions: 18.4 through 18.6.2"
echo "Patched versions: iOS 18.7.3+ or iOS 26.3+"
echo ""
echo "Action items:"
echo "1. Update ALL team devices to iOS 26.3+ immediately"
echo "2. Enable automatic updates"
echo "3. Use MDM to block devices on vulnerable versions"
echo "4. Deploy mobile threat detection (Lookout, iVerify)"
Layer 2: Wallet Architecture (Assume Device Compromise)
The only defense against a kernel-level exploit that extracts Keychain data is to never store actionable secrets on the device:
Architecture: Defense-in-Depth Wallet Strategy
Tier 1: Hot Wallet (Mobile)
├─ Maximum balance: 1-2 days of expected transactions
├─ No seed phrase storage on device
├─ Hardware wallet signing required for > $500
└─ Monitored with real-time alerts
Tier 2: Warm Wallet (Hardware Wallet)
├─ Ledger/Trezor — keys NEVER touch a general-purpose device
├─ Used for DeFi interactions above threshold
├─ Blind signing DISABLED
└─ Transaction simulation required before signing
Tier 3: Cold Storage (Airgapped)
├─ Majority of holdings
├─ Multisig (2-of-3 minimum)
├─ Geographically distributed key shares
└─ Timelock on any withdrawal > 5% of holdings
Layer 3: Smart Contract Defenses
Protocol teams should build defenses assuming users' devices are compromised:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
/**
* @title DeviceCompromiseGuard
* @notice Defensive patterns for when user devices may be compromised
* @dev Implements withdrawal delays, velocity limits, and guardian recovery
*/
contract DeviceCompromiseGuard {
struct WithdrawalRequest {
uint256 amount;
address token;
uint256 requestedAt;
bool executed;
bool cancelled;
}
mapping(address => WithdrawalRequest[]) public pendingWithdrawals;
mapping(address => uint256) public dailyWithdrawn;
mapping(address => uint256) public lastWithdrawalDay;
mapping(address => address) public guardians;
uint256 public constant WITHDRAWAL_DELAY = 4 hours;
uint256 public constant DAILY_LIMIT = 10 ether;
uint256 public constant GUARDIAN_CANCEL_WINDOW = 24 hours;
event WithdrawalRequested(
address indexed user, uint256 index,
uint256 amount, uint256 unlockAt
);
event WithdrawalCancelled(
address indexed user, uint256 index,
address cancelledBy
);
function requestWithdrawal(
address token,
uint256 amount
) external {
uint256 today = block.timestamp / 1 days;
if (lastWithdrawalDay[msg.sender] != today) {
dailyWithdrawn[msg.sender] = 0;
lastWithdrawalDay[msg.sender] = today;
}
require(
dailyWithdrawn[msg.sender] + amount <= DAILY_LIMIT,
"Daily withdrawal limit exceeded"
);
uint256 index = pendingWithdrawals[msg.sender].length;
pendingWithdrawals[msg.sender].push(WithdrawalRequest({
amount: amount,
token: token,
requestedAt: block.timestamp,
executed: false,
cancelled: false
}));
emit WithdrawalRequested(
msg.sender, index, amount,
block.timestamp + WITHDRAWAL_DELAY
);
}
function guardianCancel(
address user,
uint256 index
) external {
require(msg.sender == guardians[user], "Not guardian");
WithdrawalRequest storage req = pendingWithdrawals[user][index];
require(!req.executed && !req.cancelled, "Already finalized");
require(
block.timestamp <= req.requestedAt + GUARDIAN_CANCEL_WINDOW,
"Cancel window expired"
);
req.cancelled = true;
emit WithdrawalCancelled(user, index, msg.sender);
}
}
For Solana programs:
use anchor_lang::prelude::*;
#[program]
pub mod compromise_guard {
use super::*;
pub fn request_withdrawal(
ctx: Context<RequestWithdrawal>,
amount: u64,
) -> Result<()> {
let request = &mut ctx.accounts.withdrawal_request;
let clock = Clock::get()?;
request.owner = ctx.accounts.owner.key();
request.amount = amount;
request.requested_at = clock.unix_timestamp;
request.executed = false;
request.unlock_at = clock.unix_timestamp + 4 * 3600;
let vault = &mut ctx.accounts.vault;
let today = clock.unix_timestamp / 86400;
if vault.last_withdrawal_day != today {
vault.daily_withdrawn = 0;
vault.last_withdrawal_day = today;
}
require!(
vault.daily_withdrawn + amount <= vault.daily_limit,
ErrorCode::DailyLimitExceeded
);
vault.daily_withdrawn += amount;
msg!("Withdrawal requested: {} lamports, unlocks at {}",
amount, request.unlock_at);
Ok(())
}
pub fn guardian_cancel(
ctx: Context<GuardianCancel>,
) -> Result<()> {
let request = &mut ctx.accounts.withdrawal_request;
require!(!request.executed, ErrorCode::AlreadyExecuted);
let vault = &ctx.accounts.vault;
require!(
ctx.accounts.guardian.key() == vault.guardian,
ErrorCode::NotGuardian
);
request.cancelled = true;
msg!("Withdrawal cancelled by guardian");
Ok(())
}
}
#[error_code]
pub enum ErrorCode {
#[msg("Daily withdrawal limit exceeded")]
DailyLimitExceeded,
#[msg("Already executed")]
AlreadyExecuted,
#[msg("Not authorized guardian")]
NotGuardian,
}
Layer 4: Real-Time Monitoring
"""
DarkSword-style attack detection for crypto operations.
Monitor for signs of mass credential extraction and rapid draining.
"""
import asyncio
import aiohttp
from datetime import datetime, timedelta
SOLANA_RPC = "https://api.mainnet-beta.solana.com"
MONITORED_WALLETS = [
"YOUR_HOT_WALLET_ADDRESS",
"YOUR_TREASURY_ADDRESS",
]
ALERT_THRESHOLDS = {
"rapid_tx_count": 5,
"rapid_tx_window": 600,
"large_transfer_sol": 50,
"approval_burst": 3,
}
async def monitor_wallet_activity():
"""Monitor for DarkSword-style mass drain patterns."""
async with aiohttp.ClientSession() as session:
while True:
for wallet in MONITORED_WALLETS:
payload = {
"jsonrpc": "2.0",
"id": 1,
"method": "getSignaturesForAddress",
"params": [wallet, {"limit": 20}]
}
async with session.post(SOLANA_RPC, json=payload) as resp:
data = await resp.json()
signatures = data.get("result", [])
if not signatures:
continue
recent_sigs = [
s for s in signatures
if s.get("blockTime", 0) >
(datetime.now().timestamp() -
ALERT_THRESHOLDS["rapid_tx_window"])
]
if len(recent_sigs) >= ALERT_THRESHOLDS["rapid_tx_count"]:
await send_alert(
f"🚨 RAPID TX BURST: {len(recent_sigs)} transactions "
f"in {ALERT_THRESHOLDS['rapid_tx_window']}s "
f"from {wallet[:8]}... "
f"Possible device compromise drain!"
)
await asyncio.sleep(30)
async def send_alert(message: str):
print(f"[{datetime.now().isoformat()}] {message}")
The 5-Point DarkSword Defense Checklist
For every DeFi user and protocol team:
For Users
- [ ] Update iOS immediately — iOS 18.7.3+ or iOS 26.3+ patches all DarkSword vulnerabilities
- [ ] Never store seed phrases on your phone — not in Notes, not in password managers, not in screenshots
- [ ] Use hardware wallets for any significant holdings — software wallets on phones are fundamentally vulnerable to kernel exploits
- [ ] Enable withdrawal alerts on every exchange and protocol — detection speed is your only advantage
- [ ] Deploy a guardian/social recovery wallet — a separate device that can freeze your accounts if compromise is detected
For Protocol Teams
- [ ] Implement mandatory withdrawal delays for amounts above threshold — buys detection time even after full key compromise
- [ ] Add velocity/rate limiting to all value-extracting functions — prevents rapid mass drain
- [ ] Support guardian/co-signer patterns — let users designate a separate device that can veto transactions
- [ ] Monitor for drain patterns — sudden burst of withdrawals across multiple users = possible exploit kit campaign
- [ ] Build approval revocation tools — make it trivial for users to revoke all approvals in one transaction after a compromise
The Bigger Picture: Mobile Is the New Frontline
DarkSword represents a fundamental shift in the DeFi threat landscape. We've spent years hardening smart contracts against reentrancy, oracle manipulation, and flash loan attacks. Meanwhile, the real attack surface moved to the device in your pocket.
Consider the economics:
- Smart contract exploit: Requires finding a novel on-chain bug, often in audited code. Typical yield: $1M-$10M. Detection: immediate.
- DarkSword-style attack: Buy an exploit kit on the secondary market. Target thousands of DeFi users via watering holes. Typical yield: $1K-$100K per victim × thousands of victims. Detection: minutes to never.
The DarkSword model scales better, is harder to attribute, and leaves no on-chain forensic trail until the stolen funds move. For a financially motivated attacker, this is strictly superior to smart contract exploitation.
The DeFi ecosystem needs to internalize a painful truth: your smart contracts are only as secure as the devices that sign transactions for them. A perfectly audited protocol means nothing when the signer's private key was extracted by a JavaScript exploit while they browsed a news site.
This article is part of the DeFi Security Research series. Follow for weekly deep dives into smart contract vulnerabilities, audit tooling, and security best practices across Solana, EVM, and the broader DeFi ecosystem.
Top comments (0)