State-Grade Malware Targets iPhone Crypto Wallets: Your Digital Fortune Under Siege
Your iPhone's crypto wallet just became a high-value target for nation-state hackers. A new wave of sophisticated malware is bypassing Apple's security layers, hunting digital assets with military-grade precision.
The Invisible Intruder
This isn't your average phishing scam. We're talking about code so advanced it leaves almost no trace—exploiting zero-day vulnerabilities before patches even exist. It doesn't just steal your keys; it watches you enter them, then quietly empties your wallet while you check the latest memecoin pump.
Why iPhones? Why Now?
Mobile wallets represent the frontier of crypto convenience and, consequently, its greatest vulnerability. The sheer value now stored on these devices has turned them into priority-one targets for well-funded, state-aligned groups. The promise of 'self-custody' rings hollow when your pocket vault can be cracked open remotely.
The Security Myth
Hardware wallets get the hype, but most users still trade and interact from their phones for sheer convenience. This attack vector proves that convenience is the ultimate security trade-off—a lesson Wall Street learned centuries ago, yet crypto relearns daily with more zeros on the line.
Guard Your Bag
Assume your phone is compromised. Use dedicated hardware for significant holdings, enable every biometric lock, and treat app permissions like they're handing out your private key. In crypto, your paranoia level should always be slightly higher than your portfolio's all-time high.
The final irony? The very decentralization meant to protect your wealth now makes recovering stolen funds nearly impossible—turning sophisticated theft into the perfect, untraceable crime. Maybe some traditions, like losing your life savings to faceless actors, are truly timeless.
Confirmed & Analyzed
pic.twitter.com/fOsWmLGxIK
— Crypto Analyst (@shuklarewa9082) March 5, 2026
That matters. For years, advanced exploit chains were the exclusive domain of nation-state intelligence agencies. Coruna marks a terrifying regime change: state-grade surveillance tools have been repackaged for mass-market retail theft.
This iPhone crypto wallet warning comes as Chainalysis reported in 2025 that the crypto theft market is valued at over $75Bn, with wallet drainers accounting for a large amount of that figure.
How Coruna Exploits 23 iOS Vulnerabilities to Drain Crypto Wallets
The Coruna exploit kit is a highly efficient “1-click” attack that activates when a user visits a compromised site, often posing as a gambling or news platform.
It targets vulnerabilities in WebKit to breach the device, then uses local privilege escalation exploits to escape the browser’s sandbox.
Analyzing iOS versions 13.0 to 17.2.1, Coruna employs multiple entry points to deliver a crypto wallets drainer designed to steal blockchain assets.
It scans the file system for cryptocurrency-related strings, checks the photo library for QR codes, and extracts mnemonic phrases from the Notes app.
This automated exploitation can result in immediate and irreversible theft of assets, and any iPhone user who uses their device for crypto trading and asset storing needs to stay vigilant.
State-Grade Malware Goes Mass Market
Previously, exploit chains of this complexity were hoarded by entities like NSO Group for targeted surveillance of high-value targets—dissidents, journalists, or diplomats.
Coruna flips the script. It takes vulnerabilities weaponized in campaigns like Operation Triangulation, a suspected state-sponsored attack, and hands them to financially motivated criminal groups.
The barrier to entry for executing a sophisticated MetaMask hack or draining a Trust Wallet has collapsed, and even the most inexperienced tech heads can now carry it out.
This follows a disturbing pattern whereby tools developed for espionage inevitably leak into the broader cybercriminal ecosystem. The attackers behind Coruna are not looking for state secrets. They are looking for liquidity.
This is industrial-scale theft. The iVerify security firm documented the exploit affecting at least 42,000 devices, with total losses not yet announced.
BREAKING: New "Coruna" iOS Exploit Targets Crypto Wallets!
Apple users, stop being exit liquidity! "Coruna" packs 23 exploits for 3 targets: 1) iOS 13-17.2.1 users 2) MetaMask/Uniswap degens 3) Phishing link clickers.
Open a site, and it auto-scans for your seed phrases.
pic.twitter.com/zE2ZBmdtuD
Who Is Being Targeted and Why Mobile Crypto Traders Are Especially Exposed
If you trade on mobile and hold self-custody wallets, you are the target profile. The attack vectors are often embedded in sites that crypto users frequent: unregulated gambling interfaces, dubious token claim pages, and third-party app stores.
The malware explicitly targets data directories associated with major non-custodial wallets. It looks for the encrypted vaults of MetaMask, BitKeep (now Bitget Wallet), and Trust Wallet. If the encryption is weak, or if the user has stored the password in a compromised keychain or note, the wallet is drained.
The risk is compounded by user behavior. Mobile traders frequently interact with DApps and sign transactions on the go, often prioritizing speed over security hygiene.
Coruna exploits this complacency. It doesn’t need to trick you into signing a bad transaction; it simply steals the keys to the castle while you browse.
For now, proceed with caution and consider moving your crypto funds to cold wallet storage, such as a Ledger or Trezor.
