Binance Raises Critical Security Alarm for iPhone Users

Binance has sounded the alarm over a critical, system-level security flaw in Apple’s iOS mobile operating system on iPhone devices.

On March 20, the world’s largest cryptocurrency exchange by trading volume stated that a highly sophisticated exploit could compromise digital wallets without a single tap.

Apple iOS Flaw May Let Hackers Drain Crypto Wallets Without a Click

According to the exchange, the vulnerability primarily affects devices running iOS versions 18.4 through 18.7.

“This issue is not related to any exchange or wallet application, but is a system-level vulnerability in iOS,” Binance stated in its public advisory.

The exchange warned that the zero-click exploit triggers automatically when users visit compromised, yet seemingly legitimate, websites. Once activated, the malware silently extracts sensitive data, including cryptocurrency wallet credentials, without requiring any interaction from the victim.

The Binance alert follows the recent unearthing of the “DarkSword” exploit chain by the Google Threat Intelligence Group.

Google researchers identified that DarkSword deploys three distinct malicious payloads. While “GhostKnife” and “GhostSaber” establish backdoor access and conduct broad surveillance—harvesting messages, location history, and recordings—the most financially damaging component is “GhostBlade.”

GhostBlade is custom-built to hunt cryptocurrency assets. It systematically extracts seed phrases, wallet database files, and session credentials from major mobile wallet platforms.

“GHOSTBLADE is a dataminer written in JavaScript that collects and exfiltrates a wide variety of data from a compromised device. Data collected by GHOSTBLADE is exfiltrated to an attacker-controlled server over HTTP(S),” Google security researchers explained.

Unlike traditional state-sponsored spyware that lingers on a device for long-term intelligence gathering, GhostBlade operates as a digital smash-and-grab.

After siphoning sensitive wallet data, the malware executes an erasure script to cover its tracks, leaving victims unaware that their funds were compromised until hackers transfer the assets.

The Google Threat Intelligence Group has observed suspected state-sponsored actors and commercial surveillance vendors deploying DarkSword since at least November 2025.

The attacks have been concentrated against targets in Saudi Arabia, Turkey, Malaysia, and Ukraine.

Google stated it disclosed the vulnerabilities to Apple, which has since patched the security flaws in iOS 18.7.3.

Cybersecurity experts urge crypto investors to take immediate defensive measures, such as updating their devices to the latest iOS version, avoiding unverified links, and regularly reviewing application permissions.

Additionally, iPhone should enable two-factor authentication and withdrawal whitelists across all financial platforms.