Ledger Researchers Expose Critical Android Flaw Enabling Crypto Wallet Seed Theft in Under 60 Seconds
Ledger's security team has issued a critical warning: a hardware flaw in MediaTek's Dimensity 7300 chip allows attackers with brief physical access to an Android device to extract crypto wallet PINs and seed phrases before the phone boots. The vulnerability, which cannot be patched via software, impacts approximately 25% of all Android devices, including the Solana Saga phone, posing a direct threat to mobile hot wallet security.
(@solidintel_x) March 11, 2026
MediaTek was told about this back in May 2025. The fix? There is not one. If you have the chip, you have the vulnerability.
For anyone storing real money on a mobile wallet, this one hurts.
How the Boot ROM Exploit Bypasses Android Security
The flaw lives in the boot ROM. That is the code burned into the chip at the factory. It cannot be updated. Ever.
Ledger’s team used electromagnetic pulses to mess with the chip mid-startup. Perfectly timed voltage glitches that force the processor to skip its own security checks. Once that happens, the attacker hits EL3 privilege.
That is the highest level of control possible on ARM architecture. Full access. Game over.
In testing, they pulled it off in about 1 second per attempt.
BREAKING: @Ledger researchers have identified a vulnerability in Android phones using MediaTek processors that could allow an attacker with physical access to extract a device’s PIN and crypto wallet seed phrases in under a minute.
In a proof of concept test, Ledger’s Donjon… pic.twitter.com/ooetcAhZXx
From there, the entire data partition gets decrypted offline. Private keys, PINs, everything your trusted execution environment was supposed to protect. Gone.
No app-level security saves you here. The foundation itself is broken.
Millions of Devices Exposed, Including Solana Seeker
Millions of mid-range Android phones are affected. And there is no patch coming for devices already in the field.
MediaTek’s response was basically “physical attacks are not really our problem.” But when people are storing serious money on these phones, that answer no longer cuts it.
The numbers back that up. Crypto theft hit $3.41 billion in 2024. Personal wallets now account for 44% of all stolen value. In 2022, that number was 7.3%.
Ledger’s own CTO said it. Phones were never designed to be vaults. If you have real money in a mobile wallet, move it to a hardware wallet now.
A software workaround will be included in the March 2026 Android Security Bulletin.
The real question now is whether mobile-first crypto projects can survive a hardware trust problem. If the foundation keeps cracking, the whole pitch of storing crypto on your phone starts falling apart.
