MediaTek Patches Critical Bug That Steals Crypto Seed Phrases

Key Takeaways

A newly patched vulnerability allowed attackers to extract crypto seed phrases in just 45 seconds via a USB connection.

The flaw affected approximately 25% of Android devices globally that use MediaTek chipsets and Trustonic TEE.

Security experts reiterate that general-purpose smartphones are built for convenience, not the level of security required for cold storage.

Test device compromised in 45 seconds

Ledger’s white-hat security division, Donjon, recently sent shockwaves through the mobile world by demonstrating how easily certain Android devices could be gutted. Basically, researchers found a hole in MediaTek’s ‘secure boot’—the guard that’s supposed to make sure your phone only runs safe software.

🚨 @DonjonLedger has struck again discovering a MediaTek vulnerability potentially impacting millions of Android phones. Another reminder that smartphones aren’t built for security. Even when powered off, user data – including pins & seeds – can be extracted in under a minute.
— Charles Guillemet (@P3b7_) March 11, 2026

Using nothing but a laptop and a USB cable, they shredded every security layer in sight. In under sixty seconds, they were inside, grabbing PINs and ripping seed phrases straight out of Trust Wallet and Phantom. This wasn’t just some lab experiment; it was a total collapse of the phone’s ‘safe’ startup sequence.

Mobile phones are never safe, Ledger says

The convenience of managing digital assets on a smartphone comes with a hidden price. Ledger’s CTO, Charles Guillemet, pointed out that even when a phone is powered off, architectural flaws in general-purpose chips allow for data extraction.

Without ever even booting into Android, the exploit automatically recovered the phone’s PIN, decrypted its storage, and extracted the seed phrases from the most popular software wallets.
— Charles Guillemet (@P3b7_) March 11, 2026

While MediaTek issued a patch on January 5, millions of users who haven’t updated their firmware remain at risk. The core issue lies in the design: smartphones are built to be fast and user-friendly, whereas hardware wallets use “Secure Elements” specifically designed to isolate secrets from physical or digital attacks.

As always, the Ledger Donjon followed a strict responsible disclosure process with the relevant vendors, which allowed security fixes to be released. MediaTek confirmed providing a fix to OEMs on Jan 5, 2026. The vulnerability is now public (CVE-2025-20435)…
— Charles Guillemet (@P3b7_) March 11, 2026

As nearly 36 million people manage crypto on their phones, the reliance on software-only security is becoming a massive liability for the industry.

Final Thoughts

At the end of the day, your software is only as safe as the phone it’s running on. This MediaTek patch might fix the immediate problem, but it’s a blunt reminder of a hard truth: your smartphone is essentially a ‘hot wallet.’ And because you carry it everywhere, it’s always going to be more vulnerable to physical hacks than a cold storage device kept under lock and key.

Frequently Asked Questions

How did the MediaTek hack work?
Attackers used a USB cable to exploit the secure boot chain, bypassing the Android OS to extract data directly from the chip.

Is my Android phone affected?
If your phone uses a MediaTek processor and hasn’t been updated with the January 2026 security patch, you may be at risk.

Should I store my seed phrase on my phone?
Experts advise against it; use a dedicated hardware wallet with a Secure Element for long-term storage.