Articles
Crypto Market Analysis

MediaTek patches bug enabling crypto seed theft in just 45 seconds

User Image

От Анонимный

Создано March 12, 2026|2 мин. чтения
Main Image

Ledger’s white-hat security team said it found a flaw in MediaTek's secure boot chain that can be used to steal sensitive information from certain Android devices.

Mobile phone chipmaker MediaTek patched a vulnerability affecting its chipsets in January that could have allowed an attacker to steal crypto seed phrases on affected devices using just a USB cable and the right software. 

The flaw was discovered by Ledger’s white-hat security team, Donjon, who had shared the vulnerability with MediaTek before a patch was rolled out on Jan. 5, though users who have not installed the latest security patches are advised to do so, said Ledger. 

According to Ledger, the flaw came from MediaTek’s secure boot chain, a security mechanism built into its chips that ensures a phone starts safely and only with authorized software during startup. 

In a statement shared with Cointelegraph, Ledger explained that the flaw meant an attacker with access to an Android phone could connect it to a computer via USB and bypass security protections, potentially gaining access to sensitive data on the device, including crypto wallet seed phrases. 

Around 25% of Android phones use the Trustonic Trusted Execution Environment (TEE) and MediaTek processors, which the security flaw exploits.

Donjon demonstrated the hack by connecting a Nothing CMF Phone 1 to a laptop and compromising the device’s security in approximately 45 seconds. 

“Without ever even booting into Android, the exploit automatically recovered the phone’s PIN, decrypted its storage, and extracted the seed phrases from the most popular software wallets: Trust Wallet, Base, Kraken Wallet, Rabby, Tangem’s Mobile Wallet and Phantom,” Ledger said.

While Ledger urged users to update their devices, a Ledger spokesperson told Cointelegraph they “don’t anticipate this to be an ongoing issue.” 

With almost 36 million people managing digital assets on their phones as of early 2025, even a single vulnerability could put a significant number of wallets at risk.

In December 2025, Ledger revealed that it tested an attack on the MediaTek Dimensity 7300 (MT6878), and bypassed its security measures to gain “full and absolute control over the smartphone, with no security barrier left standing.”

Ledger chief technology officer Charles Guillemet told Cointelegraph in June 2020 that mobile phones, whether Android or iPhone, are “very difficult to have secure applications.”

Related: SlowMist introduces Web3 security stack for autonomous AI agents

He reinforced a similar view on Wednesday, posting on X:  “Smartphones aren’t built for security. Even when powered off, user data - including pins & seeds - can be extracted in under a minute.” 

“This research highlights a fundamental architectural difference: General-purpose chips are built for convenience. Secure Elements are built for key protection. A dedicated Secure Element isolates secrets from the rest of the system, protecting them even under physical attack,” he said.

Magazine: All 21 million Bitcoin is at risk from quantum computers

Source: CoinTelegraph


Другие статьи, опубликованные недавно

Bitcoin holds near $63,800 as war-driven selloff hits everything but crypto
Bitcoin holds near $63,800 as war-driven selloff hits everything but crypto

Bitcoin

Gold, oil, stocks and bonds all moved sharply on the fourth round of U.S. strikes on Iran, but bitco...

Bitcoin ETFs draw $197M, snap 8-week outflow streak
Bitcoin ETFs draw $197M, snap 8-week outflow streak

Bitcoin

Analysts are not yet ready to call it a recovery in institutional demand for Bitcoin.Source: CoinTel...

Bank of Thailand targets USDT and cash flows in gray money crackdown
Bank of Thailand targets USDT and cash flows in gray money crackdown

Crypto Market Analysis

Thailand has been plagued by Chinese-affiliated scam centers, with illicit gains flowing through a �...

AI microbusinesses could drive $262B in stablecoin volume by 2033: Swyftx
AI microbusinesses could drive $262B in stablecoin volume by 2033: Swyftx

Crypto Market Analysis

The AI-native cohort of the expanding gig economy could increasingly use stablecoins to avoid slow a...

Signs of life?: State of Crypto
Signs of life?: State of Crypto

Crypto Market Analysis

Several sources told CoinDesk that a new draft of the Clarity Act may drop this week, but challenges...

Strategy's Saylor needs clarity in BTC pivot message to convince investors: StanChart
Strategy's Saylor needs clarity in BTC pivot message to convince investors: StanChart

Bitcoin

Standard Chartered sees communication challenges facing the biggest digital asset treasury company a...