Android phone stolen in 45 seconds, encrypted wallet seed phrase compromised! Ledger reveals a critical vulnerability in MediaTek chips, risking 25% of devices worldwide.

Hardware wallet manufacturer Ledger’s security team recently revealed a serious hardware vulnerability in Android phones equipped with MediaTek chips. Attackers can extract device PINs and cryptocurrency wallet seed phrases with just 45 seconds of physical access, potentially affecting up to 25% of Android devices worldwide.
(Background: Beware! Clawdbot misconfiguration may hide major security flaws: user wallets have been looted)
(Additional context: Trust Wallet security flaw! Do not import seed phrases and upgrade to version 2.69 immediately; theft estimated at at least $6 million)

Table of Contents

Toggle

• Exploitation takes only 45 seconds, threatening 25% of Android phones
• Mainstream software wallets compromised, urgent updates recommended
• Personal wallet hacking incidents rapidly increasing

Ledger’s internal security team recently disclosed a hardware-level vulnerability that could pose a serious threat to digital asset security. Ledger’s white-hat research unit Donjon discovered a dangerous security flaw in the firmware of Android phones powered by MediaTek processors. This flaw allows attackers to quickly extract the device’s PIN and private keys from popular crypto software wallets.

Exploitation takes only 45 seconds, threatening 25% of Android phones

The core of this vulnerability lies in the weak link of MediaTek’s secure boot chain. The researchers noted that if an attacker can physically access the victim’s phone, they can connect via USB before the OS loads. They can then extract the encryption keys protecting Android’s full disk encryption and decrypt data offline.

Even more concerning, the entire attack process takes about 45 seconds. The researchers estimate that this vulnerability could impact up to 25% of Android devices globally, especially those using MediaTek chips with Trustonic Trusted Execution Environment (TEE).

Mainstream software wallets compromised, urgent updates recommended

To demonstrate the severity, Donjon conducted proof-of-concept (PoC) tests. Results showed that sensitive wallet data and seed phrases from Trust Wallet, Kraken Wallet, and the popular Phantom wallet on Solana were successfully stolen.

Ledger CTO Charles Guillemet emphasized that smartphones have never been designed as vaults. He pointed out that if users store crypto on their phones, security depends on the device’s weakest link. The team released this research to give the industry time to patch the flaw before malicious actors exploit it. While the vulnerability can be fixed via software updates, they strongly advise all users to update the latest security patches provided by MediaTek and their device manufacturers as soon as possible.

Personal wallet hacking incidents rapidly increasing

This report coincides with a peak in hacker attacks targeting user wallets. According to blockchain intelligence firm TRM Labs, over $2.1 billion was stolen in the first half of 2025, with more than 80% stemming from infrastructure attacks such as private key theft and seed phrase leaks.

Additionally, Chainalysis data shows that in 2024, crypto theft losses exceeded $3.41 billion. The proportion of personal wallet intrusions surged from 7.3% in 2022 to 44% in 2024, with over 158,000 victim cases. These staggering figures highlight the significant risks of storing large assets on non-specialized hardware devices.