Android Telephone Crypto Wallets May Be at Danger As a result of MediaTek Exploit: Ledger – Decrypt

A vulnerability in sure Android smartphones powered by MediaTek processors may permit attackers to extract encrypted person information in below a minute utilizing solely a USB connection, based on new analysis from cryptocurrency {hardware} pockets maker Ledger.

Ledger’s inside safety analysis group, generally known as the Donjon, discovered that white hat hackers had been capable of display the flaw by connecting a Nothing CMF Telephone 1 to a laptop computer and compromising the machine’s safety in below 45 seconds.

“Donjon has struck once more, discovering a MediaTek vulnerability doubtlessly impacting hundreds of thousands of Android telephones. One other reminder that smartphones aren’t constructed for safety,” Ledger Chief Expertise Officer Charles Guillemet wrote on X. “Even when powered off, person information—together with PINs and [seed phrases]—could be extracted in below a minute.”

The Donjon group reported they had been capable of get well the Nothing CMF Telephone 1’s PIN, decrypt its storage, and extract seed phrases from a number of crypto wallets with out booting Android, together with Belief Pockets, Base, Kraken Pockets, Rabby, Tangem’s cellular pockets, and Phantom.

Launched in 2024 by London-based Nothing, the Nothing CMF Telephone 1 is a low-cost and modularly customizable cell phone that runs the Android working system. The exploit targets the telephone’s safe boot chain, Donjon mentioned, which permits an attacker to attach by way of USB and extract root cryptographic keys earlier than the working system hundreds, enabling the machine’s storage to be decrypted offline.

In line with a July 2025 report by Chainalysis, private pockets compromises represented a rising share of whole cryptocurrency theft, with attackers more and more concentrating on particular person customers, making up 23.35% of all stolen fund exercise YTD in 2025.

Ledger mentioned the Donjon group found the vulnerability whereas analyzing Android’s flash encryption safety. The corporate disclosed the exploit to MediaTek and Trustonic below a 90-day accountable disclosure coverage, and the vulnerability was publicly disclosed by MediaTek earlier this month.

Different units that use MediaTek chips embrace the crypto-centric Solana Seeker, together with smartphones from manufacturers together with Samsung, Motorola, Xiaomi, POCO, Realme, Vivo, OPPO, Tecno, and iQOO. Nevertheless, it isn’t but clear which different handsets past the Nothing CMF Telephone 1 could also be inclined to the exploit.

Though the demonstration centered on crypto wallets, Donjon mentioned the publicity may lengthen to different delicate data saved on the machine, together with messages, photographs, monetary data, and account credentials.

Crypto wallets sometimes are available two flavors: software program and {hardware} wallets designed to retailer personal keys that permit customers to entry their digital property. Software program or scorching wallets are designed for cellular units, whereas bodily {hardware} wallets are meant for use with desktop or laptop computer computer systems. These wallets, just like the Ledger Nano S, could be faraway from computer systems for higher safety.

Nevertheless, software program wallets are extra accessible and sometimes free to obtain and use, in comparison with {hardware} wallets that may differ in value. Nevertheless, Guillemet mentioned the software-only method comes with trade-offs, and highlights a elementary architectural distinction between “general-purpose” telephone chips and people particularly designed for personal key safety.

“Basic-purpose chips are constructed for comfort,” he wrote. “Safe Parts are constructed for key safety. A devoted Safe Factor isolates secrets and techniques from the remainder of the system, defending them even below bodily assault.”