Google Warns of “Coruna” iPhone Exploit That Could Drain Crypto Wallets

A newly discovered iPhone vulnerability is raising alarms across the crypto community. Security researchers say a sophisticated exploit kit called Coruna is targeting older iPhones and could potentially steal sensitive crypto wallet data, including recovery phrases.

The warning comes from the Google Threat Intelligence Group, which revealed that the exploit aggressively scans devices running outdated versions of Apple’s mobile software.

How the Coruna Attack Works

Coruna is not a simple malware attack. Researchers say it combines five full exploit chains and at least 23 vulnerabilities to break into devices running versions between iOS 13 and iOS 17.2.1.

The attack usually begins when a user visits a compromised or malicious website. Hidden JavaScript on the site silently scans the visitor’s device to identify the model, operating system version, and security settings.

Once a vulnerable device is detected, Coruna launches a multi-stage exploit chain that bypasses Apple’s built-in security protections. The malware then escalates system privileges, allowing attackers to install spyware and extract sensitive information from the device.

Why Crypto Wallets Are the Main Target

According to researchers, the malware is designed to hunt for encrypted wallet files, login credentials, and mnemonic recovery phrases used to restore crypto wallets.

If attackers gain access to those recovery phrases, they can instantly restore the wallet on another device and transfer the funds. This means victims could lose their entire holdings of assets like Bitcoin and Ethereum without realizing it until the transactions are complete.

Investigators say Coruna spreads through “watering hole” attacks, where hackers compromise websites frequently visited by crypto users, including fake trading platforms and phishing sites.

Possible Nation-State Links

Security firm iVerify found that parts of Coruna’s code resemble tools believed to have originated from U.S. government cyber programs.

However, researchers believe the toolkit may have leaked and is now being used by cybercriminal groups and intelligence actors from countries like Russia and China.

This could mark the first large-scale mobile exploit campaign using tools derived from nation-state cyber capabilities.

• Also Read :
•   Bitcoin, Ethereum, XRP, and the Quantum Future: Which Network Can Adapt?
•   ,

How to Protect Your Crypto

The good news is that the attack has clear limitations. Coruna fails to operate on devices running the latest iOS versions. It also stops if Apple’s Lockdown Mode is enabled and does not work in private browsing mode.

Security experts say users should take a few critical precautions:

• Keep your iPhone updated to the latest iOS version.
• Avoid visiting unknown crypto platforms or suspicious websites.
• Enable Lockdown Mode if you manage large crypto holdings.
• Store recovery phrases offline rather than in phone notes or screenshots.

For crypto investors, experts say updating your device may now be more important than timing the market, as one successful exploit could wipe out an entire wallet in seconds.

Never Miss a Beat in the Crypto World!

Stay ahead with breaking news, expert analysis, and real-time updates on the latest trends in Bitcoin, altcoins, DeFi, NFTs, and more.

Subscribe to News

FAQs