Security researchers at Ledger say a vulnerability affecting certain Android smartphones powered by MediaTek processors could allow attackers to extract encrypted user data in less than a minute using only a USB connection.
The flaw allows an attacker to retrieve a device PIN and decrypt the phone’s storage before the Android operating system boots, potentially exposing sensitive information including cryptocurrency wallet seed phrases.
Ledger’s internal security research team, Donjon, demonstrated the exploit on a Nothing CMF Phone 1 by connecting the device to a laptop and compromising its security in about 45 seconds.
“Donjon has struck again, discovering a MediaTek vulnerability potentially impacting millions of Android phones,”
Ledger chief technology officer Charles Guillemet wrote on X.
Researchers said they were able to recover the phone’s PIN, decrypt storage, and extract seed phrases from several crypto wallets including Trust Wallet, Phantom, Kraken Wallet, Rabby, Base and Tangem’s mobile wallet.
MediaTek issued a fix to device manufacturers in January under a responsible disclosure process, though the vulnerability was only publicly acknowledged in March.
Ledger warned the issue highlights broader security risks for software-based crypto wallets stored on smartphones, particularly when compared with hardware wallets designed with dedicated secure elements for key protection.