Crypto hardware wallet provider Ledger has disclosed a critical, unpatchable vulnerability in a widely used smartphone chip from MediaTek. The flaw, found in the MediaTek Dimensity 7300 (MT6878) system-on-chip (SoC), allows attackers to gain complete control over a device through a physical electromagnetic fault injection (EMFI) attack.
Ledger's security research team, Donjon, detailed in a report published on Wednesday that by applying precisely timed electromagnetic pulses during the chip's initial boot process, they could bypass all security measures and escalate to the highest privilege level (EL3) in the ARM architecture. This grants an attacker the ability to extract private keys stored on the device, directly threatening the security of cryptocurrency wallets held on smartphones.
The vulnerability is located in the chip's boot ROM (Read-Only Memory), which is coded into the silicon during manufacturing. This means the flaw cannot be fixed via a software update or patch, leaving all devices using this chip permanently vulnerable. MediaTek, in a statement included in Ledger's report, acknowledged that electromagnetic fault injection attacks are "out of scope" for the MT6878, as it is a consumer-grade component not designed for high-security financial applications like hardware security modules (HSMs).
While the success rate of a single attack attempt is low—between 0.1% and 1%—the process can be repeated every second. Ledger researchers Charles Christen and Léo Benito stated that this allows an attacker to gain full access in "only a matter of a few minutes" under lab conditions. They began the experiment in February and successfully exploited the chip in early May, promptly disclosing the findings to MediaTek's security team.
The report underscores a growing threat vector for cryptocurrency users who rely on smartphone-based "hot" wallets for self-custody. Ledger emphasized that secure-element chips, like those used in its hardware wallets, are specifically designed to withstand such physical attacks and remain necessary for safeguarding private keys. The findings were published amid a surge in crypto-related thefts, with over $2.17 billion stolen from services in 2025 alone according to a July Chainalysis report.