MediaTek Security Flaw Exposes Crypto Wallets to Rapid Theft

A critical security vulnerability in MediaTek chipsets has been discovered, allowing attackers to compromise Android devices and steal sensitive data, including cryptocurrency wallet seed phrases, in as little as 45 seconds. The flaw, identified by Ledger’s white-hat security team Donjon, affects devices utilizing MediaTek processors and the Trustonic Trusted Execution Environment (TEE).

Vulnerability Details and Exploitation

The vulnerability resides within MediaTek’s secure boot chain, a security mechanism designed to ensure devices start safely with authorized software. According to Ledger, an attacker with physical access to an Android phone can bypass security protections by connecting it to a computer via USB and executing specialized software. This allows them to gain access to sensitive data stored on the device.

Donjon demonstrated the exploit on a Nothing CMF Phone 1, successfully obtaining the device’s PIN, decrypting its storage, and extracting seed phrases from popular cryptocurrency wallets – Trust Wallet, Base, Kraken Wallet, Rabby, Tangem’s Mobile Wallet, and Phantom – within 45 seconds, even with the phone powered off. Cointelegraph and CryptoNews both reported on the rapid exploitation.

Affected Devices and Mitigation

Approximately 25% of Android phones utilize the Trustonic TEE and MediaTek processors, making a significant number of devices potentially vulnerable. Decrypt notes that while MediaTek issued a software fix to device manufacturers in January, the rollout to end-users has been inconsistent, particularly for lower-cost devices.

Ledger responsibly reported the vulnerability (CVE-2026-20435) to MediaTek, and a patch was released on January 5, 2026. Users are strongly advised to install the latest security updates provided by their device manufacturer to mitigate the risk.

Previous Findings and Ongoing Concerns

This isn’t the first security weakness discovered in MediaTek chips by Ledger’s research group. Last year, vulnerabilities were as well identified in the Dimensity 7300 chip. While it remains unclear if these past flaws have been actively exploited, the repeated discoveries raise concerns about the overall security posture of MediaTek chipsets.

Key Takeaways

• A significant security flaw in MediaTek chips allows for rapid theft of crypto wallet seed phrases.
• The exploit requires physical access to the device and a USB connection.
• Approximately 25% of Android phones are potentially affected.
• Users should immediately install the latest security updates from their device manufacturer.
• Ledger’s Donjon team continues to identify security vulnerabilities in MediaTek processors.