Consumer Protection Tuesday: DarkSword iPhone Exploit - What You Need to Know & How to Stay Safe

This post is part of a weekly Tuesday series at Coinbase about the latest consumer protection and security measures for crypto owners.

At Coinbase, we're on a mission to help update the financial system to make it safer and more secure. While only 0.14% of blockchain transactions are used for illicit activity, and cash remains the preferred medium for illegal transactions, crypto security is always a top priority. Coinbase maintains a robust compliance program, which includes Know Your Customer (KYC) checks, sanctions screenings, suspicious activity reporting, and strong law enforcement partnerships to detect and prevent illicit activity on our platform.

Last week, cybersecurity researchers uncovered a hacking campaign targeting iPhone users using an advanced exploit called DarkSword. Since then, a newer version of the tool has been leaked and published publicly, meaning virtually anyone can now use it to attack vulnerable devices.

According to researchers at iVerify and Google, the exploit requires no iOS expertise to deploy. An attacker can have it up and running in minutes. Once a device is compromised, DarkSword can steal your contacts, messages, call history, and critically your iOS keychain, which stores Wi-Fi passwords, saved credentials, and other secrets.

If you use your iPhone to access crypto wallets, exchanges, or banking apps, this is a direct threat to your financial security.

DarkSword targets devices running iOS 18 or earlier. According to Apple's own data, roughly one-quarter of all iPhones and iPads, potentially hundreds of millions of devices, are still running vulnerable software.

If you're not sure which version you're on, go to Settings > General > Software Update to check.

1. Update to iOS 26 Immediately
This is the single most important thing you can do. Apple has patched the vulnerabilities that DarkSword exploits. If your device supports iOS 26, update now. If your device can't run iOS 26, Apple issued an emergency security patch on March 11, make sure that's installed.

2. Enable Lockdown Mode
Apple has confirmed that Lockdown Mode blocks these specific attacks. To enable it, go to Settings > Privacy & Security > Lockdown Mode. It restricts some device functionality, but it's a powerful safeguard if you believe you may be a target.

3. Enable Multi-Factor Authentication (MFA) on All Financial Accounts
Even if your device is compromised, MFA, especially hardware keys like YubiKeys or app-based authenticators, adds a critical barrier between an attacker and your funds.

4. Review Your iOS Keychain
If you've been running an outdated iOS version, consider changing passwords stored in your keychain, especially for crypto exchanges, email, and banking apps. Use a reputable password manager to generate new, unique credentials.

5. Be Wary of Unfamiliar Links
DarkSword can be delivered through simple web pages. Don't click links from unknown senders, whether in texts, emails, or social media DMs.

6. Turn On Automatic Updates
Go to Settings > General > Software Update > Automatic Updates and make sure everything is toggled on. This ensures you're always protected against the latest known threats without having to remember to check manually.

Exploits like DarkSword are a reminder that device security and crypto security go hand in hand. Your exchange account is only as safe as the phone you access it from.

And always remember: Coinbase will never call, text, or message you asking to move your funds or share your password. Anyone who does is a scammer.

Share this with your family and friends. A two-minute software update could save someone from a devastating loss.