In a stark reminder of the vulnerabilities that can lurk within even the most advanced technology, chipmaker MediaTek has patched a critical flaw in its chipsets that could have allowed attackers to steal cryptocurrency seed phrases in a matter of seconds. The vulnerability, discovered by Ledger’s white-hat security team Donjon, highlights the ongoing challenges in securing digital assets on mobile devices.
According to Ledger, the flaw, which was patched on January 5, stemmed from a weakness in MediaTek’s secure boot chain—a security mechanism designed to ensure that a phone starts up safely and only with authorized software. An attacker with physical access to an Android device could connect it to a computer via USB and bypass these security measures, potentially gaining access to sensitive data, including crypto wallet seed phrases.
Exploitation in 45 Seconds
Donjon demonstrated the severity of the issue by compromising a Nothing CMF Phone 1 in just 45 seconds. The exploit, which did not require the phone to boot into Android, allowed the attacker to recover the device’s PIN, decrypt its storage, and extract seed phrases from popular wallets such as Trust Wallet, Base, Kraken Wallet, Rabby, Tangem’s Mobile Wallet, and Phantom.
Widespread Impact and User Advice
The vulnerability affects a significant portion of Android devices, as about 25% of these phones use the Trustonic Trusted Execution Environment (TEE) and MediaTek processors. Ledger urged users to update their devices with the latest security patches to mitigate the risk. However, the company noted that they do not anticipate this to be an ongoing issue, emphasizing the importance of proactive security measures.
Smartphones: A Security Liability
Charles Guillemet, Ledger’s Chief Technology Officer, reinforced the company’s stance that smartphones, whether Android or iPhone, are inherently difficult to secure. In a tweet, Guillemet stated, “Smartphones aren’t built for security. Even when powered off, user data—including pins and seeds—can be extracted in under a minute.” This research underscores a fundamental architectural difference: general-purpose chips are designed for convenience, while secure elements are specifically built to protect keys and secrets, even under physical attack.
The Broader Implications
With nearly 36 million people managing digital assets on their phones as of early 2025, even a single vulnerability can have far-reaching consequences. The security of crypto wallets is paramount, and the MediaTek flaw serves as a stark reminder of the ongoing battle to secure digital assets. As the use of cryptocurrencies continues to grow, so too does the need for robust security measures and user awareness.
In December 2025, Ledger further demonstrated the severity of the issue by successfully bypassing the security measures of the MediaTek Dimensity 7300 (MT6878), gaining full control over the smartphone with no security barriers left standing. This highlights the critical need for continuous security assessments and updates in the mobile ecosystem.
Looking Forward
The patch from MediaTek is a crucial step in mitigating this specific vulnerability, but it also underscores the broader challenges in securing digital assets on mobile devices. As the crypto industry evolves, the integration of dedicated secure elements and more robust security protocols will be essential to protect users from emerging threats. For now, users are advised to stay vigilant and ensure their devices are up-to-date with the latest security patches.
About the Author
