
Key takeaways
- Ledger Donjon demonstrates seed phrase extraction from Android phones via USB in under 45 seconds
- A flaw in MediaTek's secure boot chain exposes roughly 25% of Android devices, those pairing a MediaTek chipset with the Trustonic TEE
- Trust Wallet, Kraken Wallet, and Phantom are among the mobile wallets confirmed vulnerable to extraction
The Flaw
Ledger's security research unit, Donjon, disclosed a vulnerability in Android devices running MediaTek processors that allows an attacker with physical USB access to extract seed phrases, device PINs, and decrypted storage contents in under 45 seconds. The attack works without booting into Android at all, exploiting weaknesses in MediaTek's secure boot chain and in the Trustonic trusted execution environment (TEE).
The research team demonstrated the exploit on a Nothing CMF Phone 1 running a MediaTek Dimensity 7300 chipset. Approximately 25% of Android smartphones currently in circulation use the affected MediaTek and Trustonic combination.
'Without ever booting into Android, the exploit automatically recovered the phone's PIN.'
What Gets Exposed
The wallets confirmed vulnerable to seed phrase extraction include Trust Wallet, Kraken Wallet, Phantom, Base, Rabby, and Tangem Mobile Wallet. According to estimates, roughly 36 million people were managing digital assets on mobile as of early 2025. Infrastructure attacks, including private key and seed phrase theft, accounted for over 80% of the $2.1 billion stolen in the first half of 2025, according to TRM Labs.
Ledger CTO Charles Guillemet put it plainly:
'Smartphones aren't built for security. Even powered off, data including PINs and seeds can be extracted in under a minute.'
Patch and Response
MediaTek issued a patch on January 5, 2026, following Ledger's responsible disclosure in December 2025. The public disclosure came on March 12, 2026. Users of affected devices should immediately apply the latest security updates from their device manufacturer.
Why It Matters
If you are managing any meaningful amount of bitcoin on a mobile phone, this should be a wake-up call. Mobile devices were designed for convenience, not for securing bearer assets. The fact that a powered-off phone can yield its seed phrase over a USB cable in less time than it takes to make coffee is the hardware-level argument for dedicated signing devices. Update your phone, move your funds to a hardware wallet, and stop treating a general-purpose computer as a vault.