Ledger Security Team Finds MediaTek Chip Flaw That Could Expose Crypto Wallet Mnemonics

Published On : March 12, 2026

Donjon, Ledger’s security team, has identified a critical vulnerability in the MediaTek Dimensity 7300 chip.

Summary 

  • Ledger’s Donjon team identified a major vulnerability in the MediaTek Dimensity chip, allowing attackers with physical access to extract PINs and mnemonic phrases within 45 minutes. 
  • The flaw targets the chip’s secure boot chain, enabling anyone with physical access to the device to bypass the security. 
  • Users are advised to install the latest security patches on their respective phones. 

The vulnerability enables an attacker with physical access to a device to extract the encryption keys via USB before the operating system loads, decrypt the device’s storage, and obtain the device PIN. All of this can be achieved within approximately 45 seconds.

Researchers successfully conducted a proof-of-concept test and found that exploiting the vulnerability allowed them to extract sensitive data from wallet applications such as Trust Wallet, Kraken Wallet, and Phantom. This flaw potentially affects about 25% of Android phones, especially those with MediaTek chips combined with the Trustonic Trusted Execution Environment (TEE).

Ledger’s Chief Technology Officer, Charles Guillemet, stated that smartphones are not designed to be vaults. Even though the vulnerability can be patched, it highlights the inherent risks of storing keys on non-secure devices. Therefore, users should consider transferring significant assets to dedicated hardware wallets, which use secure elements to keep private keys offline.

The Security Vulnerability Bypassing Key Protection Layers

Every phone uses a “Secure Enclave” to hide and protect user passwords and crypto keys. The vulnerability enables attackers to bypass this security layer before the phone’s warning systems are alerted. Moreover, phones are not designed for high-level security. As platforms like Trust Wallet or Phantom store data on the phone’s main memory,

MediaTek Recommends Remediation Measures

MediaTek delivered a fix to manufacturers in January 2026. Users should install the latest security patches provided for their phones. As mentioned before, users should also consider transferring significant assets to dedicated hardware wallets.

Reports From TRM Labs 

According to data from TRM Labs, over 80% of the $2.1 billion in stolen crypto assets in the first half of 2025 was caused by infrastructure attacks such as private key theft, mnemonic theft, and front-end hijacking.

Chainalysis reports show that losses caused by crypto asset theft exceeded $3.41 billion in 2024. The share of stolen wallet cases has risen from 2.3% in 2022 to 44% in 2024.

Conclusion 

The security vulnerability found in the MediaTek Dimensity 7300 is a major issue for Android devices. The chip and similar MediaTek hardware are estimated to power around 25% of all Android phones. Unlike an app bug, this vulnerability is within the chip’s Boot ROM. Plugging the phone into a laptop via USB enables an attacker to trick the MediaTek chip into giving up the master key. As apps like Trust Wallet or Phantom store data in the device’s main memory, they are vulnerable to hardware-level bugs. Users are advised to install the latest security patches provided by the manufacturers as soon as they are available.
