Author
Ahmed Balaha
Author
Share
Fact Checked by
CryptoNews Editorial Team
Author
Your Android phone might be handing over your crypto wallet in under 60 seconds.
Ledger’s own security team just exposed a hardware flaw in MediaTek chips that lets anyone with physical access to your phone pull your PIN and seed phrase before your phone even boots. USB cable, done. No software patch can fix it either. It is baked into the chip.
The Dimensity 7300 is the chip in question. It affects roughly 25% of all Android devices. Even the Solana Seeker phone is on the list.
MediaTek was told about this back in May 2025. The fix? There is not one. If you have the chip, you have the vulnerability.
For anyone storing real money on a mobile wallet, this one hurts.
How the Boot ROM Exploit Bypasses Android Security
The flaw lives in the boot ROM. That is the code burned into the chip at the factory. It cannot be updated. Ever.
Ledger’s team used electromagnetic pulses to mess with the chip mid-startup. Perfectly timed voltage glitches that force the processor to skip its own security checks. Once that happens, the attacker hits EL3 privilege.
That is the highest level of control possible on ARM architecture. Full access. Game over.
In testing, they pulled it off in about 1 second per attempt.
From there, the entire data partition gets decrypted offline. Private keys, PINs, everything your trusted execution environment was supposed to protect. Gone.
No app-level security saves you here. The foundation itself is broken.
Millions of Devices Exposed, Including Solana Seeker
Millions of mid-range Android phones are affected. And there is no patch coming for devices already in the field.
MediaTek’s response was basically “physical attacks are not really our problem.” But when people are storing serious money on these phones, that answer no longer cuts it.
The numbers back that up. Crypto theft hit $3.41 billion in 2024. Personal wallets now account for 44% of all stolen value. In 2022, that number was 7.3%.
Ledger’s own CTO said it. Phones were never designed to be vaults. If you have real money in a mobile wallet, move it to a hardware wallet now.
A software workaround will be included in the March 2026 Android Security Bulletin.
The real question now is whether mobile-first crypto projects can survive a hardware trust problem. If the foundation keeps cracking, the whole pitch of storing crypto on your phone starts falling apart.
Discover: The best new crypto in the world
https://cryptonews.com/news/ledger-researchers-expose-android-flaw-wallet-seed-theft/
