Your iPhone Might Be a Silent Crypto Snitch – Binance Sounds the Alarm on Zero-Click iOS Heist

Binance has just fired off a public advisory, essentially telling iPhone users that their shiny pocket computers have a critical, system-level security hole. The flaw targets devices running iOS 18.4 through 18.7 and can be exploited without you lifting a finger—which is convenient for everything except security.

According to the exchange, this zero-click exploit kicks off when you innocently browse to a compromised but legit-looking website. From there, malware goes to work like a digital pickpocket, silently vacuuming up sensitive data—including your precious crypto wallet keys—all without needing a single tap of consent. Talk about a rug pull you didn't even see coming.

Google's Threat Intelligence Group (GTIG) recently pulled back the curtain on this exploit chain, which they've charmingly named "DarkSword." It deploys a trio of nasty payloads: GhostKnife and GhostSaber, which set up backdoors and conduct broad surveillance, and the main attraction, GhostBlade. This JavaScript-based dataminer is a crypto-specific bloodhound, sniffing out seed phrases, wallet database files, and session credentials from popular mobile wallets like MetaMask and Phantom. To add insult to injury, it then runs an erasure script to cover its tracks—the digital equivalent of a cat burglar who also vacuums.

GTIG reports that DarkSword has been lurking in the wild since at least November 2025, with suspected state-sponsored actors and commercial surveillance vendors targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine. A tweet from CryptosRus dropped the chilling stat that over 200 million iPhones could be sitting ducks. That's a lot of potential seed phrases looking for a new home.

Apple, in a classic "patch it Tuesday" move, has fixed the flaws in iOS 18.7.3 and is now urgently telling all iPhone and iPad owners to update immediately. Meanwhile, cybersecurity experts are advising crypto investors to also avoid unverified links like they're a shady Telegram admin, review app permissions, enable two-factor authentication, and use withdrawal whitelists on financial platforms. Consider it basic digital hygiene.

The moral of the story is simple: update your iOS, treat random links with the skepticism of a degen reading a "100x guaranteed" tweet, and lock down your wallets. Do it before the next zero-click heist decides to make a withdrawal from your portfolio without asking.