Ledger researchers expose Android flaw enabling wallet seed theft in seconds
Summary
Ledger's security team has identified a critical flaw in the firmware of Android phones that use MediaTek processors. The vulnerability allows an attacker with physical access to extract a device's PIN and the private keys for multiple crypto wallets within a minute by exploiting a weakness in MediaTek's secure boot chain. The attack involves connecting the phone via USB before the OS loads, decrypting the storage offline, and accessing sensitive cryptographic keys. Researchers estimate that approximately 25% of Android phones could be affected, particularly those using MediaTek chips and Trustonic's trusted execution environment. Ledger CTO Charles Guillemet emphasized that smartphones are not inherently secure for storing crypto assets and encouraged users to apply security updates. This discovery highlights the growing trend of attacks targeting user wallets, with infrastructure attacks accounting for over 80% of the $2.1 billion stolen in the first half of 2025, and total crypto theft exceeding $3.41 billion for the year.
(Source: The Block)