Ledger researchers reveal a critical flaw that allows a seed phrase to be stolen in less than a minute.
Ledger’s Donjon security team has uncovered an Android vulnerability that could put millions of users worldwide at risk. The discovery affects devices equipped with MediaTek processors and could allow attackers to extract wallet PINs and private keys in as little as 45 seconds.
The security flaw exploits a weakness in the secure boot chain of MediaTek chips. According to Ledger, an attacker with physical access to a smartphone can connect it via USB before the operating system fully loads, extract the private keys that protect Android’s disk encryption, and subsequently decrypt the data stored on the device offline.
During a demonstration test, the researchers managed to recover sensitive information from several wallet applications, including Trust Wallet, Kraken Wallet, and Phantom.
Ledger experts estimate that around 25% of Android smartphones currently in circulation could be vulnerable to the attack. The flaw particularly affects models using MediaTek processors in combination with the Trustonic secure execution environment.
Charles Guillemet, Chief Technology Officer of Ledger, stated:
“This research demonstrates what we have long argued: smartphones were never designed to function as vaults. While this vulnerability can be patched, and we encourage all users to update their devices with the latest security fixes provided by MediaTek and manufacturers, it highlights the inherent challenge of storing secrets on devices that are not secure.”
According to a report by TRM Labs, a blockchain intelligence firm, infrastructure attacks—including private key theft, seed phrase theft, and front-end compromises—accounted for more than 80% of the $2.1 billion stolen in the first half of 2025.
