Your Android telephone is perhaps handing over your crypto pockets in beneath 60 seconds.
Ledger’s personal safety workforce simply uncovered a {hardware} flaw in MediaTek chips that lets anybody with bodily entry to your telephone pull your PIN and seed phrase earlier than your telephone even boots. USB cable, performed. No software program patch can repair it both. It’s baked into the chip.
The Dimensity 7300 is the chip in query. It impacts roughly 25% of all Android units. Even the Solana Seeker telephone is on the listing.
INTEL: Ledger exposes a MediaTek Dimensity 7300 flaw that lets attackers with bodily entry steal Android hot-wallet seed phrases in minutes pic.twitter.com/gBTb2QBXMO
— Strong Intel
(@solidintel_x) March 11, 2026
MediaTek was advised about this again in Might 2025. The repair? There may be not one. If in case you have the chip, you’ve gotten the vulnerability.
For anybody storing actual cash on a cellular pockets, this one hurts.
How the Boot ROM Exploit Bypasses Android Safety
The flaw lives within the boot ROM. That’s the code burned into the chip on the manufacturing unit. It can’t be up to date. Ever.
Ledger’s workforce used electromagnetic pulses to mess with the chip mid-startup. Completely timed voltage glitches that drive the processor to skip its personal safety checks. As soon as that occurs, the attacker hits EL3 privilege.
That’s the highest degree of management doable on ARM structure. Full entry. Recreation over.
In testing, they pulled it off in about 1 second per try.
BREAKING: @Ledger researchers have recognized a vulnerability in Android telephones utilizing MediaTek processors that would permit an attacker with bodily entry to extract a tool’s PIN and crypto pockets seed phrases in beneath a minute.
In a proof of idea check, Ledger’s Donjon… pic.twitter.com/ooetcAhZXx— SolanaFloor (@SolanaFloor) March 11, 2026
From there, your entire knowledge partition will get decrypted offline. Non-public keys, PINs, all the pieces your trusted execution surroundings was supposed to guard. Gone.
No app-level safety saves you right here. The muse itself is damaged.
Thousands and thousands of Gadgets Uncovered, Together with Solana Seeker
Thousands and thousands of mid-range Android telephones are affected. And there’s no patch coming for units already within the subject.
MediaTek’s response was mainly “bodily assaults will not be actually our drawback.” However when individuals are storing severe cash on these telephones, that reply now not cuts it.
The numbers again that up. Crypto theft hit $3.41 billion in 2024. Private wallets now account for 44% of all stolen worth. In 2022, that quantity was 7.3%.
Ledger’s personal CTO mentioned it. Telephones had been by no means designed to be vaults. If in case you have actual cash in a cellular pockets, transfer it to a {hardware} pockets now.
A software program workaround can be included within the March 2026 Android Safety Bulletin.
The actual query now’s whether or not mobile-first crypto initiatives can survive a {hardware} belief drawback. If the inspiration retains cracking, the entire pitch of storing crypto in your telephone begins falling aside.
Uncover: The very best new crypto on this planet
The publish Ledger Researchers Expose Android Flaw Enabling Pockets Seed Theft appeared first on Cryptonews.
Leave a Reply