Articles
Crypto Market Analysis

MediaTek patches bug enabling crypto seed theft in just 45 seconds

User Image

Bởi Ẩn danh

Được tạo March 12, 2026|2 phút đọc
Main Image

Ledger’s white-hat security team said it found a flaw in MediaTek's secure boot chain that can be used to steal sensitive information from certain Android devices.

Mobile phone chipmaker MediaTek patched a vulnerability affecting its chipsets in January that could have allowed an attacker to steal crypto seed phrases on affected devices using just a USB cable and the right software. 

The flaw was discovered by Ledger’s white-hat security team, Donjon, who had shared the vulnerability with MediaTek before a patch was rolled out on Jan. 5, though users who have not installed the latest security patches are advised to do so, said Ledger. 

According to Ledger, the flaw came from MediaTek’s secure boot chain, a security mechanism built into its chips that ensures a phone starts safely and only with authorized software during startup. 

In a statement shared with Cointelegraph, Ledger explained that the flaw meant an attacker with access to an Android phone could connect it to a computer via USB and bypass security protections, potentially gaining access to sensitive data on the device, including crypto wallet seed phrases. 

Around 25% of Android phones use the Trustonic Trusted Execution Environment (TEE) and MediaTek processors, which the security flaw exploits.

Donjon demonstrated the hack by connecting a Nothing CMF Phone 1 to a laptop and compromising the device’s security in approximately 45 seconds. 

“Without ever even booting into Android, the exploit automatically recovered the phone’s PIN, decrypted its storage, and extracted the seed phrases from the most popular software wallets: Trust Wallet, Base, Kraken Wallet, Rabby, Tangem’s Mobile Wallet and Phantom,” Ledger said.

While Ledger urged users to update their devices, a Ledger spokesperson told Cointelegraph they “don’t anticipate this to be an ongoing issue.” 

With almost 36 million people managing digital assets on their phones as of early 2025, even a single vulnerability could put a significant number of wallets at risk.

In December 2025, Ledger revealed that it tested an attack on the MediaTek Dimensity 7300 (MT6878), and bypassed its security measures to gain “full and absolute control over the smartphone, with no security barrier left standing.”

Ledger chief technology officer Charles Guillemet told Cointelegraph in June 2020 that mobile phones, whether Android or iPhone, are “very difficult to have secure applications.”

Related: SlowMist introduces Web3 security stack for autonomous AI agents

He reinforced a similar view on Wednesday, posting on X:  “Smartphones aren’t built for security. Even when powered off, user data - including pins & seeds - can be extracted in under a minute.” 

“This research highlights a fundamental architectural difference: General-purpose chips are built for convenience. Secure Elements are built for key protection. A dedicated Secure Element isolates secrets from the rest of the system, protecting them even under physical attack,” he said.

Magazine: All 21 million Bitcoin is at risk from quantum computers

Source: CoinTelegraph


Các bài viết khác được xuất bản gần đây

Signs of life?: State of Crypto
Signs of life?: State of Crypto

Crypto Market Analysis

Several sources told CoinDesk that a new draft of the Clarity Act may drop this week, but challenges...

Strategy's Saylor needs clarity in BTC pivot message to convince investors: StanChart
Strategy's Saylor needs clarity in BTC pivot message to convince investors: StanChart

Bitcoin

Standard Chartered sees communication challenges facing the biggest digital asset treasury company a...

Robinhood L2 sparks ETH optimism, Saylor 'muddies waters.' Hodler's Digest, July 5-12, 2026
Robinhood L2 sparks ETH optimism, Saylor 'muddies waters.' Hodler's Digest, July 5-12, 2026

Ethereum

Even Ethereum's critics believe Robinhood Chain is bullish for ETH. Nigel Farage and Donald Trump be...

Stablecoin market cap has shrunk by $10 billion since May, but analyst sees no reason to panic
Stablecoin market cap has shrunk by $10 billion since May, but analyst sees no reason to panic

Crypto Market Analysis

The market shrank by $7.7 billion in June alone, the largest dollar amount since May 2022's Terra-Lu...

Pakistan crypto chief seeks dialogue after scholar rules against crypto payments
Pakistan crypto chief seeks dialogue after scholar rules against crypto payments

Crypto Market Analysis

Pakistan’s virtual-assets regulator called for continued dialogue on the treatment of digital asse...

Ripple once weighed shutting down and handing XRP to shareholders, CEO says
Ripple once weighed shutting down and handing XRP to shareholders, CEO says

Crypto Market Analysis

Ripple's Brad Garlinghouse says he and co-founder Chris Larsen considered winding the company down a...