Trust Wallet, a multi-chain self-custody cryptocurrency wallet, announced that a severe zero-day exploit affecting iMessage on iOS devices had been detected for sale on the dark web.

According to the official statement posted on Twitter, this exploit allows remote control of an iPhone without user interaction and is being sold for $2 million. Eowyn Chen, CEO of Trust Wallet, explained that the price of the exploit is high because such threats are typically aimed at high-value targets to avoid the tracking of security investigators.

Trust Wallet Recommends Disabling iMessage While Awaiting an Update

The company’s warning comes from reliable intelligence sources on cyber threats, as reported by Eowyn Chen. Given the seriousness of the risk, Trust Wallet advises iOS users to immediately disable the iMessage application until Apple releases a software update to mitigate the vulnerability.

Following the dissemination of its initial alert, Trust Wallet provided further details while continuing to monitor security threats of this nature through various channels alongside partners and researchers, leading to the prevention of over $600 million in theft from its users.

The company emphasized that this exploit is not exclusively designed for the crypto community but can affect “anyone using iOS with iMessage.” However, it highlighted that “the likely targets are high net-worth individuals as the most lucrative targets.”

Finally, the company emphasized that it has no “vendetta” against Apple. Still, rather its priority is the security of users, clarifying that it loves iMessage as much as anyone, but the security of its users is paramount.

Cyberattack Wave Shakes Crypto Space in 2024

Though only four months have passed since the beginning of 2024, cybercriminals have already carried out several high-profile cyberattacks and exploits. Major incidents include the $80 million hack of the Orbit Chain cross-chain bridge project, the $4.5 million flash loan attack on Radiant Capital that paralyzed the Arbitrum market, and the $7.5 million breach of the crypto payment processor CoinsPaid, among many others.

Additionally, in late March, the DeFi platforms Prism Finance and Mozaic Finance were hacked, resulting in losses of $10 million and $2.5 million, respectively. These incidents highlight vulnerabilities in DeFi protocols that continue to be exploited by hackers.

Another attack that shook the crypto market in February was on the South Korean NFT and crypto gaming platform PlayDapp, which also suffered losses of $290 million in two hacking incidents related to a private key leak.

Therefore, considering the ongoing direct and indirect hacks that the crypto industry faces, it is not unreasonable to follow the security advice of companies to avoid becoming another victim of exploiters. So far, Apple has not officially communicated about the exploit or released an update.