Crypto News Exchanges Markets & Finance

MediaTek patches flaw that enabled crypto seed theft in 45 seconds

Updated:
Mediatek Patches Flaw That Enabled Crypto Seed Theft In 45 Seconds
Mediatek Patches Flaw That Enabled Crypto Seed Theft In 45 Seconds

Security researchers have identified a vulnerability affecting certain Android devices powered by MediaTek chipsets that could allow an attacker with physical access to a phone to extract sensitive data using a USB connection. The issue was disclosed by Ledger’s white-hat security team, Donjon, and MediaTek published a security bulletin on Jan. 5, 2026, providing fixes to device manufacturers. Users who have not yet installed the latest available security updates are advised to do so as soon as possible.

According to Ledger’s account shared with Cointelegraph, the vulnerability affected the secure boot chain, the low-level mechanism intended to ensure that a device starts only with authorized software. In a proof-of-concept demonstration, Donjon researchers connected a Nothing CMF Phone 1 to a laptop and were able to compromise the device’s protections in roughly 45 seconds.

Ledger said the attack could allow recovery of a device PIN, decryption of storage, and extraction of seed phrases from several popular software wallets, including Trust Wallet, Base, Kraken Wallet, Rabby, Tangem’s mobile wallet, and Phantom. Importantly, the attack scenario described requires physical access to the device and depends on the phone remaining unpatched.

MediaTek has already issued fixes to OEMs, and Ledger said it does not expect the issue to remain an ongoing systemic problem once patches are properly deployed. The case nonetheless highlights the security risks that can arise when smartphones are used to store or manage sensitive crypto credentials, especially if devices are lost, stolen, or not kept up to date.

For users, the immediate takeaway is practical: keep device firmware and security patches current, avoid leaving phones unattended, and consider additional layers of protection for crypto holdings. More broadly, the episode reinforces a longstanding industry discussion around the limits of general-purpose mobile hardware for high-security crypto use cases.

Key takeaways

  • A vulnerability affecting certain MediaTek-powered Android devices could allow a physically present attacker to extract sensitive data through a USB-based attack path.
  • MediaTek published fixes for the issue on Jan. 5, 2026, and users should install the latest available security updates from their device manufacturer.
  • Ledger’s Donjon team demonstrated a proof of concept on a Nothing CMF Phone 1 in about 45 seconds.
  • According to Ledger, the exploit could recover a device PIN, decrypt storage, and extract seed phrases from several popular mobile wallets on vulnerable, unpatched devices.
  • The reported attack requires physical access and does not depend on the victim actively unlocking the phone during the attack sequence.

Sentiment: Neutral

Market context: The report adds to ongoing concerns around mobile wallet security and reinforces the importance of hardware security, physical device protection, and timely firmware updates for crypto users.

Why it matters

As more users rely on smartphones to manage digital assets, any weakness in low-level device security can have outsized consequences. Even if a flaw is patched quickly, the real-world risk can remain meaningful when users delay updates or when device manufacturers take time to distribute fixes. For crypto users in particular, seed phrases and wallet credentials remain high-value targets.

The case also underscores the importance of independent security research and responsible disclosure. In this instance, Ledger’s researchers disclosed the issue before public reporting, and MediaTek issued fixes through its normal security process. That sequence matters because it reduces the likelihood of widespread exploitation while still informing users and the broader ecosystem about the need for defensive hygiene.

What to watch next

  • How quickly OEMs distribute the relevant MediaTek security fixes to affected devices.
  • Whether users apply those updates promptly after they become available.
  • Any further technical clarification from MediaTek, Ledger, or device makers about which models were affected and how mitigation has been implemented.
  • Whether wallet providers add more safeguards for mobile seed storage on general-purpose smartphones.

Sources & verification

  • Cointelegraph reporting on Ledger Donjon’s findings and MediaTek’s Jan. 5 patch rollout.
  • MediaTek’s January 2026 Product Security Bulletin.
  • Ledger Donjon’s public research discussing smartphone hardware security and MediaTek-related testing.

Risk & affiliate notice: Crypto assets are volatile and capital is at risk. This article may contain affiliate links. Read full disclosure

The Crypto Breaking News editorial team curates the latest news, updates, and insights from the global cryptocurrency and blockchain industry.

Related Posts