Security researchers have uncovered a vulnerability in certain Android smartphones powered by MediaTek processors that could allow attackers with physical access to extract sensitive data, including crypto wallet seed phrases, in under a minute.
@DonjonLedger has struck again discovering a MediaTek vulnerability potentially impacting millions of Android phones. Another reminder that smartphones aren’t built for security. Even when powered off, user data – including pins & seeds – can be extracted in under a minute.
— Charles Guillemet (@P3b7_) March 11, 2026
The flaw was identified by Ledger’s security research unit, Ledger Donjon, which demonstrated the exploit on the Nothing CMF Phone 1. According to the researchers, the vulnerability affects devices using MediaTek chipsets combined with Trustonic technology.
During testing, the team connected the phone to a laptop via USB and managed to bypass core security protections within about 45 seconds.
Without even booting into the Android operating system, the exploit was able to automatically recover the device’s PIN, decrypt its storage, and extract seed phrases stored by several popular crypto wallet applications.
Researchers warned that because the exploit targets the phone’s underlying hardware security layer, it can be executed even when the device is powered off.
In theory, this could expose sensitive information stored in software-based crypto wallet applications if an attacker gains temporary physical access to the device.
The issue has been assigned the identifier CVE-2025-20435 and could potentially affect millions of Android smartphones that rely on MediaTek processors and Trustonic’s TEE architecture.
Ledger Donjon said it followed a responsible disclosure process, notifying the affected vendors before publishing its findings. MediaTek confirmed that it provided a security fix to smartphone manufacturers on January 5, 2026, allowing device makers to deploy patches through software updates.
The research highlights an architectural difference between general-purpose smartphone chips and dedicated hardware designed for protecting cryptographic secrets.
Security experts note that while software-based crypto wallet apps offer convenience, dedicated hardware security components, such as secure elements, provide stronger protection for private keys and seed phrases, particularly in scenarios involving physical attacks on a device.