MediaTek Chip Vulnerability Puts Crypto Wallets at Risk on a Quarter of Android Phones
Ledger's security team Donjon discovered a critical flaw in MediaTek processors that allows attackers to extract private keys from crypto wallets in under a minute, affecting roughly 25% of Android devices.
Ledger Donjon Uncovers Critical Flaw in MediaTek Processors
Ledger's dedicated security research division, Donjon, has identified a critical vulnerability affecting Android smartphones powered by MediaTek chipsets. According to The Block, the bug enables an attacker to extract a device's PIN code and cryptocurrency wallet private keys in less than 60 seconds.
The flaw resides in the chip's secure boot mechanism. Exploitation requires physical access to the target device: the attacker connects the smartphone via USB before the operating system loads, extracts disk encryption keys, and then accesses all stored data offline.
Why This Matters
Researchers estimate the vulnerability affects approximately one quarter of all Android smartphones worldwide. Devices running MediaTek processors that rely on Trustonic's Trusted Execution Environment (TEE) are particularly exposed. MediaTek is one of the world's largest mobile chipset suppliers, dominating the budget and mid-range segments — meaning hundreds of millions of devices could be at risk.
For cryptocurrency holders, the implications are severe. Anyone using a smartphone as their primary crypto storage could face total loss of funds if the device is physically compromised. The attack's speed — under one minute — makes it nearly impossible to counter once an attacker has the phone in hand.
Ledger's Stance and Recommendations
Ledger CTO Charles Guillemet stressed that mobile phones were never designed to function as secure vaults. He urged users to install the latest security patches from their device manufacturers as soon as possible.
"If your cryptocurrency sits on your phone, the level of asset protection is limited by the weakest link in the hardware or software" — Charles Guillemet, CTO of Ledger.
The Bigger Picture: Key Theft Dominates Crypto Crime
This discovery fits into a broader pattern of escalating threats. Data from TRM Labs shows that theft of private keys and seed phrases accounted for more than 80% of all stolen cryptocurrency in the first half of 2025, with total losses reaching $2.1 billion.
Hardware wallet manufacturers have been stepping up their response. In October 2025, both Ledger and Trezor unveiled next-generation devices designed to provide stronger protection for digital assets against increasingly sophisticated attack vectors.
What Users Should Do
- Check whether your smartphone uses a MediaTek processor. If so, update to the latest available firmware immediately.
- Avoid storing significant cryptocurrency holdings in mobile wallets. Use dedicated hardware wallets for larger amounts.
- Maintain physical security of your device — never leave your smartphone unattended, and enable additional lock mechanisms.
Frequently Asked Questions
What is the MediaTek chip vulnerability discovered by Ledger?
Ledger's Donjon security team found a flaw in MediaTek's secure boot mechanism that allows an attacker with physical access to extract a phone's PIN and crypto wallet private keys in under 60 seconds via USB connection before the OS boots.
How many Android phones are affected by the MediaTek vulnerability?
Researchers estimate approximately 25% of all Android smartphones are affected. The vulnerability specifically impacts devices with MediaTek processors using Trustonic's Trusted Execution Environment.
Can the MediaTek crypto wallet hack be done remotely?
No, the attack requires physical access to the device. The attacker must connect the smartphone via USB before the operating system loads to extract disk encryption keys and access data offline.
How to protect crypto wallets from the MediaTek chip flaw?
Users should install the latest security patches from their device manufacturer immediately. For storing significant cryptocurrency amounts, hardware wallets are recommended over mobile solutions. Physical device security is also critical.
How much crypto was stolen through private key theft in 2025?
According to TRM Labs data, private key and seed phrase theft accounted for over 80% of all stolen cryptocurrency in the first half of 2025, totaling $2.1 billion in losses.
Read also
Zero-Day Bug Found in Bitcoin's Mining Algorithm — Present Since Day One
Researcher Loïc Morel disclosed an off-by-one error in Bitcoin's difficulty adjustment mechanism that has existed since the network's launch and could theoretically enable mining blocks at extreme speeds.
Fake Ledger Live App in Apple's App Store Used to Steal $9.5M in Crypto
A fraudulent Ledger Live app that passed Apple's App Store review was used to siphon over $9.5M in cryptocurrency from more than 50 victims across multiple blockchain networks.
Drift Secures $148M From Tether and Partners to Compensate Hack Victims
Solana-based protocol Drift has secured $148 million from Tether and other partners to recover from a $295 million hack and compensate affected users.
Google: Breaking Bitcoin Requires 20x Fewer Qubits Than Previously Estimated
Google researchers found that fewer than 500,000 physical qubits could be enough to crack Bitcoin and Ethereum's cryptographic defenses — a 20-fold reduction from prior estimates.
South Korea's Tax Agency Accidentally Published Seed Phrases, Losing $4.8M in Tokens
Korea's tax agency leaked crypto wallet seed phrases in a press release — and someone drained $4.8M in PRTG tokens within hours.
Venus Protocol Suffers $2M Loss After Oracle Manipulation Attack on THE Token
BNB Chain lending protocol Venus Protocol was exploited through a price oracle manipulation targeting the THE token from Thena. The platform's bad debt is estimated at $2.15 million.