A flaw in processors allows keys to be stolen in under a minute.

Ledger's security team (Donjon) has discovered a critical vulnerability in Android smartphones powered by MediaTek processors. This was reported by The Block.

The bug enables attackers to obtain a phone's PIN code and private keys from crypto wallets in less than a minute.

The issue lies in the secure boot mechanism of the chips. To exploit it, physical access to the device is required: an attacker connects the smartphone via USB before the operating system loads, extracts the disk encryption keys, and then accesses the data offline.

Researchers estimate that this vulnerability affects a quarter of all Android smartphones, particularly those based on MediaTek chips that use the Trustonic trusted execution environment.

Ledger's CTO, Charles Guillemet, reminded users that mobile devices were not originally designed as secure storage. He urged users to install the latest security patches from manufacturers.

“If your cryptocurrency is stored on your phone, the level of asset protection is limited by the reliability of the weakest link in the hardware or software,” Guillemet emphasized.

Wallet attacks remain a significant threat to the industry. According to TRM Labs, in the first half of 2025, over 80% of the total stolen funds ($2.1 billion) resulted from the theft of private keys and seed phrases.

In October 2025, Ledger and Trezor introduced next-generation devices.