Android Phone Crypto Wallets Could Be at Risk Due to MediaTek Exploit: Ledger

A vulnerability in sure Android smartphones powered by MediaTek processors might enable attackers to extract encrypted person information in beneath a minute utilizing solely a USB connection, in keeping with new analysis from cryptocurrency {hardware} pockets maker Ledger.

Ledger’s inside safety analysis workforce, referred to as the Donjon, discovered that white hat hackers have been in a position to exhibit the flaw by connecting a Nothing CMF Cellphone 1 to a laptop computer and compromising the gadget’s safety in beneath 45 seconds.

“Donjon has struck once more, discovering a MediaTek vulnerability probably impacting thousands and thousands of Android telephones. One other reminder that smartphones aren’t constructed for safety,” Ledger Chief Know-how Officer Charles Guillemet wrote on X. “Even when powered off, person information—together with PINs and [seed phrases]—might be extracted in beneath a minute.”

The Donjon workforce reported they have been in a position to recuperate the Nothing CMF Cellphone 1’s PIN, decrypt its storage, and extract seed phrases from a number of crypto wallets with out booting Android, together with Belief Pockets, Base, Kraken Pockets, Rabby, Tangem’s cellular pockets, and Phantom.

Launched in 2024 by London-based Nothing, the Nothing CMF Cellphone 1 is a low-cost and modularly customizable cell phone that runs the Android working system. The exploit targets the telephone’s safe boot chain, Donjon mentioned, which permits an attacker to attach by means of USB and extract root cryptographic keys earlier than the working system hundreds, enabling the gadget’s storage to be decrypted offline.

Based on a July 2025 report by Chainalysis, private pockets compromises represented a rising share of complete cryptocurrency theft, with attackers more and more concentrating on particular person customers, making up 23.35% of all stolen fund exercise YTD in 2025.

Ledger mentioned the Donjon workforce found the vulnerability whereas analyzing Android’s flash encryption safety. The corporate disclosed the exploit to MediaTek and Trustonic beneath a 90-day accountable disclosure coverage, and the vulnerability was publicly disclosed by MediaTek earlier this month.

]]>

Different units that use MediaTek chips embrace the crypto-centric Solana Seeker, together with smartphones from manufacturers together with Samsung, Motorola, Xiaomi, POCO, Realme, Vivo, OPPO, Tecno, and iQOO. Nonetheless, it isn’t but clear which different handsets past the Nothing CMF Cellphone 1 could also be vulnerable to the exploit.

Though the demonstration centered on crypto wallets, Donjon mentioned the publicity might prolong to different delicate info saved on the gadget, together with messages, images, monetary info, and account credentials.

Crypto wallets sometimes are available two flavors: software program and {hardware} wallets designed to retailer non-public keys that enable customers to entry their digital property. Software program or scorching wallets are designed for cellular units, whereas bodily {hardware} wallets are meant for use with desktop or laptop computer computer systems. These wallets, just like the Ledger Nano S, might be faraway from computer systems for higher safety.

Nonetheless, software program wallets are extra accessible and sometimes free to obtain and use, in comparison with {hardware} wallets that may range in value. Nonetheless, Guillemet mentioned the software-only strategy comes with trade-offs, and highlights a basic architectural distinction between “general-purpose” telephone chips and people particularly designed for personal key safety.

“Common-purpose chips are constructed for comfort,” he wrote. “Safe Components are constructed for key safety. A devoted Safe Factor isolates secrets and techniques from the remainder of the system, defending them even beneath bodily assault.”