Ledger Researchers Reveal MediaTek Flaw That Could Expose Crypto Wallets on Android Phones

Security researchers at Ledger say they have uncovered a serious vulnerability affecting Android smartphones that run on MediaTek processors.

The flaw could allow someone with physical access to a phone to extract sensitive cryptocurrency wallet data—including PIN codes and seed phrases—in under a minute.

The discovery comes from Ledger’s internal security research division known as the Donjon team, which focuses on analyzing hardware and software security issues tied to digital asset storage. In their latest research, the team found that certain MediaTek chips contain a weakness in the device’s secure boot chain, creating a small but critical window during startup where sensitive data may be exposed.

If exploited, the issue could allow an attacker to connect the phone to another device through USB before the Android operating system fully loads. From there, encrypted information stored on the phone can potentially be accessed and decrypted offline.

The finding adds to ongoing concerns within the crypto security community about storing private keys and recovery phrases directly on smartphones.

Exploit Targets A Gap In The Secure Boot Process

According to the researchers, the attack takes advantage of how some MediaTek chips handle the secure boot process. Secure boot is meant to verify each stage of the system as the phone powers on, ensuring that only trusted software can run.

But the Donjon team found that in some cases this verification process can be interrupted early in the startup sequence. That small gap gives an attacker an opportunity to connect to the device and access sensitive data before the phone finishes booting.

In a proof-of-concept demonstration, Ledger researchers showed they could extract wallet credentials in roughly 45 seconds. The attack does not require internet access and does not rely on traditional methods such as phishing or malware.

Instead, the attacker simply needs temporary physical access to the phone and the ability to connect it to another system through USB.

Once the data is pulled from the device, it can be decrypted outside the phone’s environment, potentially revealing wallet PINs and seed phrases—the recovery keys that provide full control over a crypto wallet.

Popular Mobile Wallets Were Used In Testing

During their research, the Ledger team tested several well-known mobile wallet applications to see whether the vulnerability could expose stored credentials. Among the apps involved in the tests were:

  • Trust Wallet
  • Kraken Wallet
  • Phantom Wallet

Researchers were able to retrieve sensitive information from these wallets when running on affected devices. Ledger emphasized that the issue does not stem from the wallet apps themselves but from weaknesses in the phone’s hardware security layer.

Because mobile wallets rely on the device’s secure environment to protect private keys, any flaw at the hardware level can undermine those protections.

The research team shared details of the proof-of-concept and their findings in a public post explaining how the exploit works and why it matters for mobile crypto users.

A Large Portion Of Android Phones Could Be Affected

Ledger estimates that roughly one quarter of Android smartphones currently in use could be vulnerable to the issue. The risk appears highest on devices that combine MediaTek processors with the Trustonic secure execution environment.

MediaTek chips are widely used in many mid-range and budget Android smartphones around the world. Because of that, the vulnerability may affect devices across multiple manufacturers.

Although the exploit requires physical access to the phone, security experts say that still leaves room for potential abuse. Situations like stolen phones, confiscated devices, or repair shop access could give attackers the opportunity to attempt the exploit.

Even short-term access may be enough if the attacker knows how to trigger the vulnerability during the device’s boot process.

Ledger Says Smartphones Were Never Built To Be Vaults

The discovery also reinforces a message Ledger has repeated for years about the limitations of storing crypto secrets on everyday devices.

Charles Guillemet, chief technology officer at Ledger, said the findings highlight a basic design problem with smartphones.

According to him, mobile devices were built for connectivity and convenience, not for safeguarding high-value cryptographic secrets.

“This research demonstrates what we have long argued: smartphones were never designed to function as vaults,” Guillemet said.

While software updates may eventually address this particular flaw, he noted that smartphones still carry a larger attack surface compared with dedicated hardware wallets designed specifically for secure key storage.

Infrastructure Attacks Remain A Major Crypto Threat

The discovery comes as attacks targeting crypto infrastructure continue to grow.

Data from blockchain intelligence firm TRM Labs shows that infrastructure-level attacks—including private key and seed phrase theft—accounted for more than 80% of the $2.1 billion stolen during the first half of 2025.

Rather than targeting blockchain networks directly, many attackers now focus on the tools people use to access them: wallets, devices, and authentication systems.

As blockchain protocols themselves become harder to exploit, criminals are increasingly turning their attention to weaknesses in hardware and software used by everyday users.

The MediaTek flaw uncovered by Ledger researchers is another example of how vulnerabilities in consumer technology can ripple into the crypto ecosystem.

For users, the findings serve as a reminder that protecting digital assets often depends as much on device security as it does on blockchain security. Many security experts continue to recommend using hardware wallets for storing significant amounts of cryptocurrency, especially when long-term storage is involved.

Will Izuchukwu