MediaTek TEE wahala make attackers fit comot Android wallet seed phrases and PINs via USB

Published: 2026-03-12 06:54:02 |

Ledger Donjon team researchers find one serious bug for MediaTek chips and Trustonic TEE wey fit make hacker wey get physical access comot encrypted data from Android phones through USB less than 45 seconds. The exploit sidestep secure boot chain before Android load, fit recover device PIN, decrypt storage and take seed phrases from popular mobile wallets (demo targets include Trust Wallet, Base, Kraken Wallet, Rabby, Tangem Mobile Wallet and Phantom). Ledger show the attack on Nothing CMF 1 phone and use electromagnetic fault injection on MediaTek Dimensity 7300 (MT6878) to disturb boot checks and get full control. MediaTek don release patch; unpatched devices wey dey run affected Trustonic TEE firmware still dey at risk. Ledger stress say general-purpose smartphones hard to secure compared to devices wey use isolated Secure Elements and advise users to apply vendor security updates quick and choose hardware with dedicated secure elements for key storage. Exposure big — millions of Android users dey manage crypto on phones — so traders suppose assume higher risk for mobile-held keys and consider move funds to safer storage or hardware wallets until devices don get patch.

Bearish

Dis vulnerability dey target seed phrases an device PINs for Android devices, an e dey increase di risk say people fit lose dia crypto sharp-sharp wey no fit recover if dem keep am for mobile software wallets. Short-term impact: more selling pressure an people go dey fear keep crypto for affected phones; some pipo fit comot dia funds go hardware wallets or exchanges, wey go increase on-chain activity an fit push small tokens price down. Long-term impact: small — di core protocol value for big cryptocurrencies no change — but if people still dey fear mobile custody e fit reduce retail on-chain activity an cut demand for mobile-native tokens an services. Because di exploit need physical access an specific vulnerable hardware/firmware, overall market-wide price shock suppose dey contained, but assets wey plenty retail mobile users hold get higher short-term risk. Traders suppose consider reduce exposure to tokens wey mainly dey stored for mobile wallets, monitor patch rollout, an watch on-chain flows related to hardware wallet adoption.