Google Warns of Powerful New iPhone Exploit for Crypto Wallets

Google’s Threat Intelligence Group has issued a critical warning regarding a sophisticated new Coruna exploit kit that specifically targets iPhone users to drain crypto wallets.

Security researchers indicate that this is not a theoretical threat but an active campaign, marking a terrifying shift where nation-state surveillance tools are being repurposed for mass financial theft.

The urgency of this threat cannot be overstated, as the exploit kit operates silently in the background, hunting for private keys and backup phrases without the victim ever signing a transaction.

As confirmed by multiple security firms, the attackers are leveraging this vulnerability to bypass standard device protections, leaving even cautious investors exposed.

How the Coruna iPhone Exploit Kit Silently Drains Crypto Wallets

The Google TAG (Threat Analysis Group) report details a terrifyingly efficient attack vector. Unlike clumsy email scams, the Coruna kit employs a sophisticated chain of vulnerabilities that can be executed simply by visiting a compromised website, often disguised as a legitimate service or exchange.

Once a user lands on a malicious site, the kit fingerprints the device to check for specific iOS vulnerability sets. If the device is running a vulnerable version of iOS (specifically versions prior to 17.3), the exploit executes a “sandbox escape,” gaining root privileges on the phone.

From there, the malware acts as a ruthless wallet drainer. It specifically scans the device’s file system and clipboard for strings of text resembling BIP39 seed phrases, private keys, or keywords such as “backup” and “recovery.”

Security analysts note that the kit is programmed to target data from specific applications, including MetaMask, Trust Wallet, and BitKeep, and exfiltrate the keys to remote command-and-control servers.

Why Retail Crypto Wallets Are the Prime Target for Spy-Grade Hacking Tools

The emergence of Coruna highlights a troubling trend in cyber-weaponry, signaling a democratization that should alarm mobile crypto users. Advanced exploit chains, once reserved for government agencies targeting political dissidents, are now sold on the black market to illicit crypto syndicates.

This shift aligns with a move among criminal networks from complex scams to direct exploitation of self-custody wallets, offering immediate payouts without chargebacks.

Users relying solely on MetaMask’s advice to “never share your seed phrase” face new risks; if an iPhone is compromised, user precautions become irrelevant.

As the Bitcoin price sits near $72,000, security concerns further dampen retail sentiment. Currently, the Crypto Fear & Greed Index stands at 22/100 (Extreme Fear), with news of hardware-level exploits adding to the bearish climate for on-chain activity.

DISCOVER: Top Crypto Presales to buy in February

What MetaMask and BitKeep Users on iPhone Should Do Immediately

The most effective defense against the Coruna exploit is to eliminate the vulnerability entirely. Google TAG and Apple explicitly recommend updating to the latest version of iOS immediately, as the specific exploit chains used by Coruna were patched in iOS 17.3 and later.

For users who cannot update their devices due to hardware limitations, enabling “Lockdown Mode” is a critical stopgap. This feature, found in the Privacy & Security settings of newer iOS versions, severely limits the execution of complex web technologies, such as the JavaScript used to deliver the Coruna payload.

Furthermore, eagle-eyed investors should consider moving significant holdings to hardware wallets (cold storage) rather than keeping them on internet-connected mobile devices. As industry leaders highlight privacy and security gaps in mobile payment infrastructures, separating long-term storage from daily active devices remains the only failsafe against zero-day exploits.

This threat is evolving, and security researchers expect updated versions of the kit to surface shortly. Crypto wallets are at risk, and anyone using them on iOS should tread carefully for now.

This is an emerging story, and any updates regarding new iOS patches or affected wallets will be published here on CoinNews, so be sure to keep checking back.

EXPLORE: Best Crypto Meme Coins to buy in 2026

Drop CoinNews a Follow on X and Telegram for all of the Latest Crypto Market Updates and Professional Market Analysis.