A newly disclosed security flaw in some Android phones could allow attackers to extract crypto wallet keys and PIN codes in under a minute.
Quick Summary – TLDR:
- Ledger’s security research team Donjon discovered a vulnerability in MediaTek powered Android devices.
- Attackers with physical access could extract encryption keys through USB before the operating system loads.
- The flaw may affect around 25 percent of Android smartphones using MediaTek chips and Trustonic Trusted Execution Environment.
- Researchers warn the issue highlights the risks of storing crypto secrets directly on smartphones.
What Happened?
Security researchers at Ledger have revealed a vulnerability in certain Android devices powered by MediaTek processors that could allow attackers to retrieve sensitive crypto wallet data. The exploit can potentially expose device PIN codes and wallet seed phrases in under a minute if attackers gain physical access to the phone.
The flaw targets a weakness in the secure boot chain used in some MediaTek chipsets, which allows malicious actors to extract encryption keys before the Android operating system fully loads.
🚨 @DonjonLedger has struck again discovering a MediaTek vulnerability potentially impacting millions of Android phones. Another reminder that smartphones aren’t built for security. Even when powered off, user data – including pins & seeds – can be extracted in under a minute.
— Charles Guillemet (@P3b7_) March 11, 2026
Ledger Researchers Identify Vulnerability in MediaTek Chips
The discovery was made by Donjon, Ledger’s internal team of security researchers and white hat hackers. During testing, the team found that an attacker could connect a compromised Android device to a computer through a USB connection before the operating system loads.
From there, the attacker could extract cryptographic keys used to protect Android’s full disk encryption. Once those keys are retrieved, the encrypted device storage can be decrypted offline.
According to the researchers, the entire process could take roughly 45 seconds, allowing attackers to gain access to sensitive information stored on the device.
In proof-of-concept testing, the exploit was able to retrieve wallet seed phrases and sensitive data from several well known cryptocurrency wallet applications, including:
- Trust Wallet
- Kraken Wallet
- Phantom
With access to a wallet mnemonic or seed phrase, attackers can fully control a crypto wallet and transfer funds without needing the device again.
Millions of Android Devices Potentially Affected
Researchers estimate the vulnerability could impact about 25 percent of Android smartphones, particularly devices powered by MediaTek processors that rely on the Trustonic Trusted Execution Environment.
MediaTek chips are widely used in mid-range Android devices around the world, which means a large number of smartphones could theoretically be exposed if the flaw is not patched.
Ledger said the issue can be fixed through firmware and security updates, and users are encouraged to install patches released by MediaTek and smartphone manufacturers as soon as they become available.
Ledger Warns Smartphones Were Never Meant to Be Vaults
Charles Guillemet, Chief Technology Officer at Ledger, said the discovery reinforces long standing concerns about storing highly sensitive information directly on smartphones.
Ledger Chief Technology Officer Charles Guillemet said in the statement:
The company said its goal in publishing the research was to give the industry time to address the flaw before it could be exploited at scale.
Crypto Wallet Attacks Are Increasing
The disclosure comes as attacks targeting cryptocurrency users continue to rise. Security reports show that wallet compromises are becoming a major source of crypto theft.
According to blockchain intelligence firm TRM Labs, infrastructure attacks such as private key theft, seed phrase theft, and front end compromises accounted for more than 80 percent of the 2.1 billion dollars stolen in the first half of 2025.
Data from Chainalysis also shows that losses from crypto theft exceeded 3.41 billion dollars in a single year, with personal wallet compromises becoming significantly more common.
These attacks represented 7.3 percent of stolen crypto value in 2022, but jumped to 44 percent by 2024, impacting more than 158000 individual cases.
The growing trend highlights how attackers are increasingly targeting individual wallet users rather than centralized platforms.
SQ Magazine’s Takeaway
I think this discovery sends a strong message to anyone storing crypto on their phone. Smartphones are convenient, but convenience often comes with security tradeoffs. If a flaw in hardware or firmware can expose wallet seed phrases in less than a minute, that is a serious risk.
In my view, this research reinforces why dedicated hardware wallets exist in the first place. Keeping private keys isolated from everyday devices like phones and laptops remains one of the safest ways to protect crypto assets.
