Security researchers say a flaw in some Android devices could allow attackers to extract crypto wallet seed phrases in under a minute. The vulnerability is in phones using MediaTek processors, potentially affecting a large portion of the Android ecosystem.
The issue was identified by the Donjon security research team at Ledger. According to the researchers, attackers with physical access to a phone can connect it via USB before the operating system loads and exploit a weakness in the secure boot chain used by MediaTek. By extracting cryptographic keys protecting Android’s full-disk encryption, the attacker can decrypt the device’s storage offline and access private keys stored in wallet applications.
Could Android Hardware Weaknesses Expose Crypto Wallets?
The vulnerability may affect roughly 25% of Android phones, particularly models that combine MediaTek processors with Trustonic’s trusted execution environment. Because the exploit occurs before the operating system loads, standard application-level protections may not prevent the attack.
The finding highlights an ongoing tension in crypto security. Many users rely on smartphones for wallet storage due to convenience, but mobile devices were not originally engineered as hardened key vaults. If an attacker can compromise the hardware trust chain, application-level encryption becomes significantly easier to bypass. Could hardware-level weaknesses become the next major attack vector against personal crypto wallets?
“This research proves what we’ve long warned: smartphones were never designed to be vaults,” said Charles Guillemet, chief technology officer at Ledger.
He added that the company disclosed the vulnerability to give manufacturers time to release patches before malicious actors exploit the flaw.
The warning arrives as infrastructure attacks increasingly target individual users rather than centralized exchanges. According to data from TRM Labs, infrastructure exploits such as private key theft and seed phrase compromises accounted for more than 80% of the $2.1 billion stolen in crypto during the first half of 2025. Separate research from Chainalysis shows personal wallet compromises rose from 7.3% of stolen value in 2022 to 44% in 2024, affecting more than 158,000 cases.
MediaTek and device manufacturers are expected to issue firmware updates addressing the vulnerability. What to watch next is how quickly patches reach affected smartphones and whether wallet providers shift security guidance toward dedicated hardware devices.