Ledger Security Team Discovers MediaTek Chip Vulnerability That Could Expose Wallet Mnemonics

KuCoinFlash

Release Time: 03/11/2026 13:17:23

Summary

CFT concerns have risen after Ledger’s security team discovered a vulnerability in MediaTek Dimensity 7300 chips. Attackers with physical access could use USB to extract encryption keys before the OS loads, decrypting storage and stealing PINs and wallet mnemonics in 45 seconds. Trust Wallet, Kraken Wallet, and Phantom were successfully tested. The issue affects approximately 25% of Android devices with MediaTek chips and Trustonic TEE. Ledger CTO Charles Guillemet warned that phones are not designed as secure vaults and urged users to install patches. Liquidity and crypto markets could face risks if unpatched devices are exploited.

BlockBeats report: On March 11, Donjon, the security research team under the crypto wallet Ledger, discovered a security vulnerability in the MediaTek Dimensity 7300 chip. An attacker with physical access to the device can extract encryption keys via USB before the operating system loads, decrypt the device’s storage, and obtain the device PIN and crypto wallet recovery phrase in approximately 45 seconds. In proof-of-concept tests, the vulnerability successfully extracted sensitive data from wallet applications including Trust Wallet, Kraken Wallet, and Phantom.

Researchers stated that the vulnerability may affect approximately 25% of Android phones, including models using MediaTek chips and the Trustonic Trusted Execution Environment. Charles Guillemet, Chief Technology Officer at Ledger, said smartphones were never designed to function as vaults; although the vulnerability can be patched, it highlights the inherent risk of storing keys on non-secure devices, and users are advised to apply security updates as soon as possible.

Source:Show original

Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.