Ledger Researchers Reveal MediaTek Flaw That Could Expose Crypto Wallets on Android Phones

Security researchers at Ledger say they have uncovered a serious vulnerability affecting Android smartphones that run on MediaTek processors.

The flaw could allow someone with physical access to a phone to extract sensitive cryptocurrency wallet data—including PIN codes and seed phrases—in under a minute.

The discovery comes from Ledger’s internal security research division known as the Donjon team, which focuses on analyzing hardware and software security issues tied to digital asset storage. In their latest research, the team found that certain MediaTek chips contain a weakness in the device’s secure boot chain, creating a small but critical window during startup where sensitive data may be exposed.

If exploited, the issue could allow an attacker to connect the phone to another device through USB before the Android operating system fully loads. From there, encrypted information stored on the phone can potentially be accessed and decrypted offline.

The finding adds to ongoing concerns within the crypto security community about storing private keys and recovery phrases directly on smartphones.

According to the researchers, the attack takes advantage of how some MediaTek chips handle the secure boot process. Secure boot is meant to verify each stage of the system as the phone powers on, ensuring that only trusted software can run.

But the Donjon team found that in some cases this verification process can be interrupted early in the startup sequence. That small gap gives an attacker an opportunity to connect to the device and access sensitive data before the phone finishes booting.

In a proof-of-concept demonstration, Ledger researchers showed they could extract wallet credentials in roughly 45 seconds. The attack does not require internet access and does not rely on traditional methods such as phishing or malware.

Instead, the attacker simply needs temporary physical access to the phone and the ability to connect it to another system through USB.

Once the data is pulled from the device, it can be decrypted outside the phone’s environment, potentially revealing wallet PINs and seed phrases—the recovery keys that provide full control over a crypto wallet.

During their research, the Ledger team tested several well-known mobile wallet applications to see whether the vulnerability could expose stored credentials. Among the apps involved in the tests were:

• Trust Wallet
• Kraken Wallet
• Phantom Wallet

Researchers were able to retrieve sensitive information from these wallets when running on affected devices. Ledger emphasized that the issue does not stem from the wallet apps themselves but from weaknesses in the phone’s hardware security layer.

Because mobile wallets rely on the device’s secure environment to protect private keys, any flaw at the hardware level can undermine those protections.

The research team shared details of the proof-of-concept and their findings in a public post explaining how the exploit works and why it matters for mobile crypto users.