Ledger Reveals Android Flaw Targeting Crypto Seed Phrases

by

In the latest episode of “How Not to Store Your Crypto,” Ledger’s Donjon research team has discovered a rather unsettling flaw in MediaTek processors-those little chips that power most of your Android phones. Turns out, these chips are so good at being bad, they allow hackers to lift your phone’s PIN and your crypto seed phrases in less time than it takes to make a cup of coffee. And the kicker? This can happen even when your device is switched off. Yes, you read that right. Off. As in not even on. But sure, keep thinking your phone is your best friend.

The team ran a little “proof-of-concept” test, which is just a fancy way of saying, “we tried this and, surprise, it worked.” In this test, they successfully obtained sensitive information from several popular software (a.k.a. “hot”) crypto wallets, including Trust Wallet, Kraken Wallet, and Phantom. So if you’ve ever used one of those, congratulations, you’re now part of an exclusive group of crypto wallet victims.

Crypto theft on Android OS

Enter Charles Guillemet, Ledger’s Chief Technology Officer, who-unsurprisingly-has some words of wisdom to offer. “Smartphones aren’t built for security,” he said. Well, that’s one way to put it. Thanks for the insight, Charles. He went on to say that this vulnerability could affect “millions” of Android phones, which, given that Android’s market share is larger than the population of some countries, seems a tad underwhelming.

In case you missed it, Guillemet also tweeted about the situation. According to him, “Even when powered off, user data-including pins and seeds-can be extracted in under a minute.” A minute! It’s almost like someone left the door wide open and all your crypto secrets are hanging out, waiting for a thief to come by.

@DonjonLedger has struck again discovering a MediaTek vulnerability potentially impacting millions of Android phones. Another reminder that smartphones aren’t built for security. Even when powered off, user data – including pins & seeds – can be extracted in under a minute.

– Charles Guillemet (@P3b7_) March 11, 2026

Naturally, after this revelation, MediaTek scrambled to patch the bug, and Trust Wallet rolled out a shiny new security feature to prevent tampering with crypto addresses. We’ll see how long that lasts.

Which method of storage is safe?

Now, let’s talk about your choices for crypto storage. While cold wallets, like Ledger and Trezor, get to wear the “Secure” badge, it’s not all sunshine and rainbows. These devices use chips separate from your phone’s processor-basically a “safe room” for your coins. But even these trusty cold wallets aren’t immune to mishaps. Social engineering, supply chain tampering, and the occasional reckless human being have all contributed to crypto theft. So, don’t think you’re invincible just because you went the cold wallet route.

Take, for instance, the South Korean Tax Service, which decided to share a little too much when it accidentally posted the seed phrase to a seized crypto hard wallet online. That’s like leaving the key to your vault on the sidewalk with a neon sign that says “Take me.” And let’s not forget the French couple recently relieved of almost $1 million in Bitcoin in a good old-fashioned brute force robbery. A wrench, some force, and voilà-crypto gone. Remember, folks, even cold storage has its risks.

iOS users, of course, aren’t entirely off the hook. While the Coruna vulnerability is a bit of an oldie, it still allowed hackers to mine sensitive crypto data from older iOS versions. So, Apple’s “secure” reputation? Maybe not so much. But hey, at least your iPhone looks good while it’s getting hacked.

To sum it up: If you’re running a node, user keys are still at risk. So maybe it’s time to think about multisig wallets. They’re a little more “fireproof” than the rest, but who knows? In the crypto world, safety is always just a patch away from disaster.

Read More

2026-03-12 06:08