The 270 Million iPhone Crypto Heist: How DarkSword's Hit-and-Run Exploit Kit Drains Wallets in Under 60 Seconds

The 270 Million iPhone Crypto Heist: How DarkSword's Hit-and-Run Exploit Kit Drains Wallets in Under 60 Seconds On March 18, 2026, researchers from iVerify, Lookout, and Google published coordinated disclosure of DarkSword — a sophisticated iOS exploit chain that can fully compromise an iPhone, extract every cryptocurrency wallet on the device, and erase all traces of itself in under 60 seconds. No app install required. No user interaction beyond visiting a compromised website. An estimated 270 million iPhones running iOS 18.4 through 18.6.2 are vulnerable. The exploit specifically targets crypto wallets including MetaMask, Phantom, Coinbase Wallet, Ledger Live, Exodus, Uniswap, and Gnosis Safe — alongside exchange apps like Binance, Kraken, KuCoin, OKX, and MEXC. This isn't theoretical. DarkSword has been observed in active campaigns against targets in Ukraine, Saudi Arabia, Turkey, and Malaysia. Google attributes it to UNC6353, a Russian-backed group, along with UNC6748 and Turkish c