Key Highlights
- Ledger researchers found a security flaw in some Android phones that could let attackers steal crypto wallet private keys in under a minute.
- An attacker can connect the device through USB before it fully starts and extract the encryption keys that protect the phone’s storage.
- The issue could affect about 25% of Android devices, especially phones using MediaTek processors.
Ledger has discovered a serious security issue affecting some Android smartphones that use MediaTek processors. The flaw could reportedly allow someone with the phone in their hands to steal the PIN and private keys for crypto wallets in less than a minute.
In a detailed X thread on Wednesday, Ledger CTO Charles Guillemet said that the Donjon research team, which tests hardware and software security, found a weakness in the phone’s secure boot process, a system that checks the software when the phone starts.
If someone connects the phone to another device with a USB cable before the operating system fully loads, they could take the encryption keys that protect the phone’s storage. They could then unlock the storage offline and access private information, including wallet data.
How the phone security flaw works
According to the research team, the flaw could affect around 25% of Android phones. The phones most at risk are those that use MediaTek chips together with a secure system from Trustonic.
Ledger said this shows that phones were not made to store secrets like crypto keys. Users should update their phones with the latest security fixes from MediaTek and phone makers to protect themselves. The team shared this research so developers and manufacturers have time to fix the problem before bad people try to steal keys.
“We undertake this work not to create fear, but so the industry can fix the vulnerability before attackers take advantage,” Guillemet said.
Rising attacks on personal crypto wallets
The discovery comes as attacks on personal crypto wallets continue to increase. A recent TRM Labs report shows that thefts like private-key hacks, seed-phrase steals, and website hijacks made up more than 80% of the $2.1 billion lost in crypto in the first half of 2025.
Overall, more than $3.41 billion was stolen in 2025, with personal wallet compromises rising sharply from 7.3% of stolen value in 2022 to 44% in 2024, affecting more than 158,000 cases.
Similar warning from Ledger researchers before
Meanwhile, Ledger had warned about similar problems before. In December 2025, its researchers found that the MediaTek Dimensity 7300 chip had a hardware weakness that allows attackers to bypass security checks using electromagnetic fault injection.
This lets hackers control the memory, boot, and security settings of the device. This, in turn, compromises the security of the stored crypto keys. The flaw cannot be fixed via software updates, as it is a hardware flaw. Even though each attack attempt succeeds only a small percentage of the time, it can be repeated quickly, making a breach possible within minutes.
The company explained that smartphones, even the most advanced ones, are not safe for storing private keys. Smartphones can be stolen or grabbed. If attackers can control the early boot components of the phone, they can essentially control the entire phone.
Also Read: North Korea-Linked Hackers Target Crypto Supply Chain in Cloud Breach
