MediaTek fixed a security vulnerability in its mobile chipsets earlier this year that could have allowed attackers to steal cryptocurrency seed phrases from affected devices using only a USB cable and specialized software.
The issue was discovered by the white-hat security team Donjon at the crypto hardware company Ledger. The researchers responsibly disclosed the vulnerability to MediaTek before the company released a security patch on Jan. 5. Users who have not yet installed the latest security updates are advised to update their devices as soon as possible.
Test device compromised in 45 seconds
According to Ledger, the vulnerability originated in MediaTek’s secure boot chain — a built-in security mechanism that ensures a smartphone boots only with trusted and authorized software.
In a statement shared with Cointelegraph, Ledger explained that the flaw could allow an attacker with physical access to an Android device to connect it to a computer via USB and bypass certain security protections. This could potentially expose sensitive data stored on the device, including cryptocurrency wallet seed phrases.

About 25% of Android smartphones rely on the Trustonic Trusted Execution Environment (TEE) along with processors from MediaTek — the components affected by the discovered vulnerability.
Researchers from the Donjon security team at Ledger demonstrated the exploit using a Nothing CMF Phone 1 connected to a laptop. The team was able to compromise the device’s security in roughly 45 seconds.
“Without ever booting into Android, the exploit automatically recovered the phone’s PIN, decrypted its storage, and extracted seed phrases from several popular software wallets,” Ledger explained. The wallets affected in the test included Trust Wallet, Base Wallet, Kraken Wallet, Rabby Wallet, Tangem Mobile Wallet and Phantom Wallet.
Although Ledger advised users to install the latest security updates, a company spokesperson told Cointelegraph that they “don’t anticipate this to be an ongoing issue.”
Mobile phones are not fully secure, Ledger warns
As of early 2025, nearly 36 million people manage their digital assets using mobile devices, meaning even a single vulnerability could potentially place a large number of wallets at risk.
In December 2025, Ledger revealed that it successfully tested an attack on the MediaTek Dimensity 7300 (MT6878) chipset. The researchers were able to bypass its security protections and gain what they described as “full and absolute control over the smartphone.”
Charles Guillemet, chief technology officer at Ledger, previously told Cointelegraph in June 2020 that mobile devices — whether Android or iPhone — make it extremely challenging to run fully secure applications.
He reiterated a similar warning on the social platform X on Wednesday, writing: “Smartphones aren’t built for security. Even when powered off, user data — including PINs and seed phrases — can be extracted in under a minute.”
According to Guillemet, the research highlights a fundamental difference in device architecture. General-purpose smartphone chips are primarily designed for convenience and performance, whereas dedicated Secure Elements are specifically built to protect sensitive cryptographic keys. By isolating secrets from the rest of the system, these Secure Elements can keep critical data safe even during physical attacks.

