Wallet

Google's threat intelligence team reported that a new exploit kit dubbed "Coruna" targets iPhones running iOS 13.0 to 17.2.1 and has been used on fake crypto websites to capture wallet seed phrases. The toolkit, first identified in February 2025, contains multiple iOS exploit chains and was later found on spoofed Chinese financial and exchange sites seeking user funds and sensitive data. Security researchers say the tool may be linked to surveillance customers, while some industry experts dispute claims it originated from US intelligence code.

Cybersecurity researchers report that "ClickFix" attacks are now being used by scammers posing as venture capital firms on LinkedIn and by hijacking the QuickLens Chrome extension. The VC-themed campaign lures victims into fake video calls, while the compromised extension was updated with malware after a February 1 ownership change and reached around 7,000 users before removal.

BMIC, an Ethereum-based initiative, is developing a quantum-native wallet and finance stack that combines post-quantum cryptography, ERC-4337-style smart accounts, and AI monitoring. The project's token presale targets €40 million with up to 50 tiers priced from $0.048485 to $0.058182, allocating 750 million of a 1.5 billion supply.

According to a first-hand account updated on March 1, 2026, a crypto and Web3 professional narrowly avoided installing malware after joining what appeared to be a routine Microsoft Teams call set up via a familiar Telegram contact and Calendly link. The attackers used a spoofed Teams domain that blocked mobile access, then pressured the target on desktop to run a PowerShell command fetching code from teams.livescalls.com. The incident highlights how compromised industry accounts and realistic meeting interfaces are being weaponized to target high‑value crypto participants and potentially drain wallets or steal credentials.

On February 28, 2026, XRP Ledger developer and Xaman founder Wietse Wind warned XRP wallet users about scams using fake NFT "passes" and imitation Xaman domains to drain funds. He urged holders to cancel unsolicited offers, avoid interacting with suspicious NFTs and never share wallet secrets or sign unclear transactions.

Solana-based Step Finance and affiliates SolanaFloor and Remora Markets said they will cease operations, citing a late January wallet compromise that siphoned an estimated $30 million and unstaked 261,854 SOL. The teams halted parts of the platform, reported roughly $4.7 million recovered, and plan a STEP buyback and Remora rToken redemptions for holders.

On 28 February 2026, SoFi introduced direct on-chain Solana (SOL) deposits for its 13.7 million members, becoming the first nationally chartered U.S. bank to enable this feature. Customers can now move SOL from private wallets into regulated bank accounts over the Solana network, combining native blockchain settlement with traditional banking products.

Alchemy has launched a self-service payment system that lets autonomous AI agents maintain on-chain wallets and purchase compute credits with USDC on Base. Using the x402 payment standard and HTTP 402 responses, agents auto-top up balances without human intervention. Developer accounts can start with as little as $1 in USDC.

At the World Strategy Forum 2026, Citi outlined plans to introduce an institutional Bitcoin custody service later in 2026, integrating BTC into its existing banking infrastructure. The model is designed for clients to hold BTC alongside securities and cash and submit instructions via familiar channels such as SWIFT and APIs.

South Korea's National Tax Service lost nearly $4.8 million in seized Pre-Retogeum tokens after an unredacted wallet recovery phrase appeared in a February 26 press release. Hackers allegedly funded the exposed wallet with ETH for gas fees and withdrew 4 million PRTG, marking the third major crypto custody lapse by South Korean authorities since January 2026.