
Apple Chip Vulnerability Stealing Crypto Assets? Here’s What You Need to Know
TechFlow Selected TechFlow Selected

Apple Chip Vulnerability Stealing Crypto Assets? Here’s What You Need to Know
This vulnerability primarily exists in Apple's M-series processors.
Source: Decrypt
Translation: Blockchain Knight
A serious vulnerability may exist on Apple's MacBooks and iPads that could expose crypto keys and passwords on certain devices.
Researchers from several universities have discovered a flaw in Apple’s M-series chips that could allow hackers to steal cryptographic keys—including private keys for cryptocurrency wallets—through malicious software attacks.
While the real-world risk of this vulnerability may be low, users holding significant crypto assets on MacBooks with M-series chips should take it seriously.
Below are some key findings disclosed in the report.
Last week, researchers announced they had discovered a critical vulnerability in Apple’s M-series chips used in Macs and iPads, which attackers could exploit to obtain cryptographic keys and code.
The issue stems from a technique called "prefetching," which Apple’s own M-series chips use to speed up user interactions with devices.
Prefetching allows devices to monitor users’ most common activities and store data locally to accelerate performance. However, this very feature can now be exploited.
The researchers said they created an app capable of successfully "tricking" the processor into placing prefetched data into cache, which their app could then access and use to reconstruct cryptographic keys. This is a potentially major issue.
Any Mac or iPad using an Apple M-series processor—including M1, M2, or M3—is potentially vulnerable.

The M1 chip was introduced at the end of 2020 on the MacBook Air, MacBook Pro, and Mac Mini, later expanding to Mac desktops and even iPad tablets.
M2 and the current M3 processors are also susceptible across computers and tablets. The M2 chip is even used in Apple’s Vision Pro headset.
However, according to Ars Technica, the data memory prefetcher affected by the vulnerability in the M3 chip includes a “special bit” that developers can invoke to disable the data-saving function, although this comes at a cost to performance.
Older Macs equipped with Intel processors are not affected. Apple relied on Intel processors for years before developing its own chips.
Likewise, iPads (regardless of age) using Apple’s A-series chips—the same chips used in iPhones—do not appear to be at risk. Only the M1, M2, and M3 chips are vulnerable due to their specific design.
Recent iPhone and iPad models featuring Apple’s A14, A15, and A16 chips are indeed variants of the M-series chips, but the research paper and media reports do not indicate they are vulnerable.
So what can users do about this? Unfortunately, nothing.
Because this is a chip-level vulnerability tied to the unique architecture of Apple’s silicon, meaning Apple cannot patch it via software updates. App developers could implement mitigations to avoid the vulnerability, but doing so would involve performance trade-offs, making such apps feel slower after updates.
Of course, users can eliminate the risk entirely by moving their crypto wallets off vulnerable Apple devices—migrating them to other platforms such as Windows PCs, iPhones, or Android phones.
Robert Graham, CEO of Errata Security, commented: "Take your crypto wallet off these devices—at least for now. I suspect someone is already working on exploiting this attack."
While devices with M1–M3 chips are indeed vulnerable, hackers can’t simply flip a switch to steal your funds. Typically, the user must first install malware on the device, after which the attacker uses the compromised software to extract private keys and access associated wallets.
Apple’s macOS is also quite resistant to malware, as you must manually approve the installation of such apps.
By default, Mac blocks unsigned third-party software. However, if you enjoy taking risks and install apps from “unidentified developers,” you should exercise extra caution when using M-chip devices that are susceptible to this flaw.
According to Zero Day, this attack could also be carried out on shared cloud servers that hold users’ keys, representing another potential attack vector.
Additionally, such attacks could theoretically be conducted via JavaScript code embedded in websites—an approach far more effective against average users since no software installation is required. Of course, this remains purely theoretical at this stage.
According to Zero Day, this vulnerability might also be used to decrypt the contents of web browser cookies, potentially allowing attackers to gain access to email accounts and other sensitive user accounts.
Based on current reporting about the vulnerability, hardware wallets from companies like Ledger and Trezor are clearly not at risk—since private keys must be stored directly on M1–M3-equipped Apple devices to be vulnerable.

Still, as a precautionary measure, avoiding connecting hardware wallets to vulnerable devices is a sound strategy.
Centralized exchanges like Coinbase store user funds in custodial wallets. Since private keys aren't stored on users’ devices, these accounts aren't directly exposed.
However, if users store their Coinbase account password in a crypto security password manager on a vulnerable Apple device, they may need to change their password—not just update it within the manager.
As previously noted, attackers could theoretically exploit this vulnerability to decrypt account passwords from browsing cookies.
Undoubtedly, this is a serious vulnerability, but the likelihood of it affecting ordinary crypto users appears low. Cracking passwords through this method requires gradually extracting enough data from the cache to reconstruct a key—a process that could take anywhere from 1 to 10 hours or longer.
That doesn’t mean it’s impossible or won’t happen to someone—but it’s not a quick, opportunistic attack.
Users should still take preventive measures to ensure they’re not at risk, but if the report is accurate, this does not appear to pose a widespread threat to typical users.
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News










