{"id":95146,"date":"2026-03-12T10:04:43","date_gmt":"2026-03-12T07:04:43","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=95146"},"modified":"2026-03-13T11:40:05","modified_gmt":"2026-03-13T08:40:05","slug":"mediatek-chip-vulnerability-threatens-cryptocurrency-wallets-on-a-quarter-of-android-smartphones","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/mediatek-chip-vulnerability-threatens-cryptocurrency-wallets-on-a-quarter-of-android-smartphones\/","title":{"rendered":"MediaTek Chip Vulnerability Threatens Cryptocurrency Wallets on a Quarter of Android Smartphones"},"content":{"rendered":"<p>The security team at Ledger (Donjon) has identified a critical vulnerability in Android smartphones equipped with MediaTek processors, as reported by <a href=\"https:\/\/www.theblock.co\/post\/393154\/ledger-researchers-expose-android-flaw-enabling-thef\">The Block<\/a>.<\/p>\n<p>The flaw allows for the extraction of a phone&#8217;s PIN and private keys from cryptocurrency wallets in under a minute.<\/p>\n<p>The issue lies within the secure boot mechanism of the chips. Exploiting this vulnerability requires physical access to the device: an attacker connects the smartphone via USB before the operating system boots, extracts the disk encryption keys, and then accesses the data offline.<\/p>\n<p>Researchers estimate that the vulnerability affects a quarter of all Android smartphones. Devices at risk are those based on MediaTek, utilizing Trustonic&#8217;s trusted execution environment. <\/p>\n<p>Ledger&#8217;s CTO, Charles Guillemet, reminded users that mobile devices were not originally designed as secure storage solutions. He urged users to install the latest security patches from manufacturers.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>\u201cIf your cryptocurrency is stored on your phone, the security of your assets is only as strong as the weakest link in the hardware or software,\u201d Guillemet emphasized.<\/em><\/p>\n<\/blockquote>\n<p>Wallet attacks remain a significant threat to the industry. According to <a href=\"https:\/\/www.trmlabs.com\/resources\/blog\/h1-2025-crypto-hacks-and-exploits-a-new-record-amid-evolving-threats\">TRM Labs<\/a>, in the first half of 2025, the theft of private keys and seed phrases accounted for over 80% of the total stolen funds ($2.1 billion).<\/p>\n<p>Back in October 2025, Ledger and Trezor <a href=\"https:\/\/forklog.com\/en\/news\/ledger-and-trezor-unveil-next-generation-hardware-wallets\">unveiled<\/a> next-generation devices. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>The security team at Ledger (Donjon) has identified a critical vulnerability in Android smartphones equipped with MediaTek processors.<\/p>\n","protected":false},"author":1,"featured_media":95147,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Chip flaw allows key theft in under a minute","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1634,1301,1640,57],"class_list":["post-95146","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-android","tag-blockchain-vulnerabilities","tag-ledger","tag-wallets"],"aioseo_notices":[],"amp_enabled":true,"views":"309","promo_type":"1","layout_type":"1","short_excerpt":"Chip flaw allows key theft in under a minute","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/95146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=95146"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/95146\/revisions"}],"predecessor-version":[{"id":95148,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/95146\/revisions\/95148"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/95147"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=95146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=95146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=95146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}