A newly revealed flaw in a popular Android smartphone chipset is raising fresh concerns about the safety of mobile-based web3 wallets. Researchers from Ledger’s Donjon security team say the issue could let an attacker with physical access to a device gain complete control of its processor, highlighting a blind spot in how many users protect their digital assets.
A hardware-level weakness with high stakes
In a report released Wednesday, Ledger detailed how its researchers examined the MediaTek Dimensity 7300 (MT6878) chip, which powers a wide range of Android phones. While software vulnerabilities often dominate the conversation around mobile security, the team set out to test a different question: how easily could a determined attacker compromise a smartphone by physically tampering with its hardware?

Using electromagnetic fault injection, or EMFI, the researchers managed to interrupt the chip’s boot ROM — the foundational code that runs before the operating system loads. By sending precisely timed pulses, they forced the ROM to reveal a full dump of its memory and working RAM. This unexpected behavior provided the clues needed to map out an attack method.
From there, the team used EMFI to bypass key safeguards in the chip’s write command, allowing them to overwrite the return address on the boot ROM’s stack. This opened the door to disabling the memory management unit and running arbitrary code at the processor’s highest privilege level. At that point, an attacker could fully control the device.
Ledger said the process is repeatable, with a low but workable success rate between 0.1 percent and 1 percent. With unlimited reboots, a successful takeover could be achieved in minutes.
Not a threat to Ledger devices, but a warning for smartphone wallets
The company emphasized that the vulnerability does not affect Ledger hardware wallets. Instead, the findings underline the risks of storing private keys on standard smartphones, especially as these devices are easily lost or stolen.
“This experiment confirmed what we suspected all along,” the research team wrote. “Even advanced chips built with leading fabrication processes can still be vulnerable to fault injection.”
Hardware wallets, which rely on dedicated secure elements, remain the recommended option for self-custody.
Ledger reported the issue to MediaTek in May. The vendor acknowledged the disclosure and alerted manufacturers using the affected chipset. MediaTek stated that EMFI-style attacks fall outside the intended security scope of the MT6878, which was designed for everyday consumer devices, not financial or high-security applications.
Rising physical threats to crypto users
The chipset flaw comes at a time when physical attacks targeting crypto holders are becoming more common worldwide.
Earlier this week, two suspects in Vienna were arrested after the killing of a 21-year-old Ukrainian man who was reportedly forced to hand over his crypto wallet passwords before being assaulted and left in a burned car.
Similar cases have surfaced across Europe. In June, French authorities charged 25 people in a series of coordinated abductions aimed at extorting crypto assets. A month later, a Belgian court handed down 12-year sentences to three men involved in a crypto-related kidnapping and ransom scheme.
These incidents reflect a broader trend: as digital assets grow in value and visibility, criminals are turning to physical coercion instead of online hacks.