iOS “Coruna” Exploit Targets Crypto Users: How Attackers Steal Seed Phrases and How KYT Detects Stolen Funds

iOS securitycrypto phishingblockchain securityAMLKYT

A newly disclosed iOS exploit toolkit known as Coruna is reportedly being used in targeted attacks against cryptocurrency users. The toolkit focuses on devices running iOS 13.0 through iOS 17.2.1 and includes 23 exploit components and five complete attack chains, some of which involve previously unknown vulnerabilities.

Attackers typically distribute the exploit through fake cryptocurrency websites, including phishing pages impersonating exchanges such as WEEX. When a vulnerable iPhone user visits the malicious site, the exploit code can automatically execute on the device.

How the Attack Steals Crypto Assets

Once executed, the attack scans the device for sensitive data, particularly text containing keywords such as “seed phrase,” “recovery phrase,” or private keys. It also attempts to extract credentials and wallet data from widely used crypto applications, including MetaMask and Uniswap.

If attackers successfully obtain recovery phrases or wallet credentials, they can quickly transfer digital assets on-chain, making recovery extremely difficult.

How Exchanges Detect Stolen Funds

In most crypto theft cases, attackers eventually move stolen assets through exchanges, bridges, or DeFi platforms. This makes transaction monitoring a critical part of risk management.

KYT (Know Your Transaction) systems help identify suspicious fund flows through blockchain analytics. Solutions like Trustformer KYT monitor high-risk addresses, detect abnormal transaction patterns, and track links to hacking or fraud-related activities.

By applying real-time risk scoring, address clustering, and fund flow tracing, KYT solutions enable platforms to identify potentially stolen assets before they enter their systems.

Security Recommendations

Security researchers recommend that iPhone users update their devices to the latest iOS version as soon as possible. If updating is not immediately possible, enabling Apple’s Lockdown Mode can significantly improve device security.

As mobile devices increasingly become gateways for managing crypto assets, combining device-level security with on-chain risk monitoring is becoming essential for protecting digital assets.

About Trustformer

Trustformer is a leading blockchain security and compliance technology company specializing in providing professional risk management and compliance solutions for the global cryptocurrency ecosystem. We have developed the cutting-edge Trustformer KYT (Know Your Transaction) platform, which integrates artificial intelligence, blockchain analytics, and regulatory technology to deliver comprehensive, accurate real-time transaction monitoring, risk assessment, and suspicious activity reporting services.

With deep industry expertise and technological innovation, Trustformer is dedicated to helping Virtual Asset Service Providers (VASPs), crypto financial institutions, and investors build a safer and more transparent crypto financial environment. We believe that driving compliance and trust through technology can contribute to the thriving growth of the global digital economy.