Ledger discloses MediaTek Dimensity 7300 boot ROM flaw that can expose mobile crypto wallets

Published: 2026-03-11 22:47:35 |

Ledger’s Donjon team disclosed a hardware-level boot ROM vulnerability in MediaTek’s Dimensity 7300 (MT6878) that can be exploited via electromagnetic fault injection (EMFI) at device startup to escalate to EL3 (highest ARM privilege), bypass hardware security checks and decrypt protected storage. Because the flaw sits in immutable boot ROM silicon, it cannot be fully patched with software; Ledger demonstrated attacks in lab conditions that can extract PINs, seed phrases and private keys within seconds to minutes given physical access. The chip is common in mid-range Android devices (Ledger estimates roughly one in four such phones affected), including some devices used in the Solana ecosystem. MediaTek said EMFI attacks requiring physical access are “out of scope” for MT6878 and positioned the chip as a consumer part, recommending specialized hardware for high-security use cases. Ledger warns the flaw makes on-device key storage unsafe on impacted phones and urges moving significant holdings to secure elements or dedicated hardware wallets. A software mitigation was planned for the March 2026 Android security bulletin, but a complete fix requires hardware changes. For traders: expect increased operational risk for mobile hot wallets on affected devices, heightened relevance of hardware wallets and secure-element custody, and potential short-term shifts in user behaviour away from mobile custody for the impacted ecosystem.

Bearish

Direct price impact is expected to be negative for tokens and ecosystems that rely heavily on affected mobile devices for custody or user access—most notably projects within affected device user bases such as Solana (referenced). The vulnerability raises immediate operational risk: attackers with physical access can extract private keys, increasing likelihood of wallet drains and user losses. Short-term effects: elevated sell pressure or reduced on-chain activity as users move funds to hardware wallets or pause transactions, plus reputational damage for mobile-first wallet providers. Medium-term effects: greater demand for hardware wallets and secure-element-backed devices, increasing outflows from hot wallets and reducing on-chain merchant activity tied to impacted apps. The impact on the broader market should be limited and sector-specific—tokens tied to the affected device user base may experience sharper downside, while hardware wallet vendors and secure custody solutions may see increased interest. Overall, the news is bearish for affected tokens in the short term but does not imply systemic market collapse.