SKN | MediaTek Fixes Security Flaw That Could Expose Crypto Seed Phrases in Seconds

Key Points

• MediaTek patched a vulnerability that could allow attackers to steal crypto seed phrases from smartphones in under a minute.
• The flaw exploited the chipmaker’s secure boot chain and could be triggered using a USB connection.
• Security researchers urge users to install the latest device updates to remain protected.

Mobile chip manufacturer MediaTek has patched a security flaw that could have allowed attackers to extract cryptocurrency seed phrases from certain Android devices in as little as 45 seconds.

The vulnerability was discovered by the security research team Donjon, which operates under the crypto hardware wallet company Ledger.

After identifying the flaw, the researchers privately disclosed it to MediaTek, which released a security patch on Jan. 5. Users who have not installed the latest updates are being urged to update their devices as soon as possible.

Exploit Targeted the Secure Boot Process

The vulnerability was linked to MediaTek’s secure boot chain — a mechanism designed to ensure that smartphones start with authorized software and maintain system integrity during the startup process.

Researchers found that an attacker with physical access to a phone could connect the device to a computer through a USB cable and bypass several of the phone’s built-in security protections.

Once the exploit was triggered, it could potentially allow access to sensitive information stored on the device, including cryptocurrency wallet seed phrases.

Demonstration Showed Rapid Device Compromise

Ledger’s research team demonstrated the exploit using a Nothing CMF Phone 1 connected to a laptop.

According to the researchers, the attack allowed them to recover the phone’s PIN, decrypt the device’s storage and extract seed phrases from multiple popular crypto wallets — all without the phone fully booting into the Android operating system.

Among the affected applications were wallets such as Trust Wallet, Phantom and Rabby Wallet.

Millions of Devices Potentially Impacted

The vulnerability could affect devices using MediaTek processors and the Trustonic Trusted Execution Environment.

Researchers estimate that roughly a quarter of Android smartphones rely on this architecture, meaning a large number of devices could theoretically be vulnerable if they remain unpatched.

Because millions of people store cryptocurrency wallets on their phones, even a single security flaw can potentially expose a significant number of digital assets.

Security Experts Warn About Mobile Wallet Risks

Ledger security experts say the incident highlights the inherent security challenges associated with using general-purpose smartphones to store sensitive cryptographic keys.

According to Charles Guillemet, smartphones are not specifically designed to protect cryptographic secrets under physical attack.

Dedicated hardware wallets instead rely on specialized secure elements that isolate private keys from the rest of the system, reducing the risk of extraction even if a device is compromised.

While MediaTek has already released a patch addressing the flaw, experts recommend keeping mobile devices updated and exercising caution when storing cryptocurrency keys on smartphones.