星球日报
星球日报|3月 11, 2026 13:03
Ledger security team discovers Android vulnerability, can extract encrypted wallet mnemonic words within 45 seconds Odaily Planet Daily News: Ledger's security research team Donjon has discovered a vulnerability in the MediaTek processor's secure boot chain. Attackers can extract encryption keys and decrypt device storage through a USB connection before the operating system loads, in physical contact with the phone, and obtain the device PIN code and encrypted wallet mnemonic words within about 45 seconds. In the proof of concept testing, the vulnerability successfully extracted sensitive data from wallet applications such as Trust Wallet, Kraken Wallet, and Phantom. Researchers say that the vulnerability may affect about 25% of Android phones, involving models using MediaTek chips and Trustonic trusted execution environment. Charles Guillemet, Chief Technology Officer of Ledger, stated that smartphones were never designed as safes, and although this vulnerability can be fixed through patches, it indicates inherent risks in storing keys on non secure devices. Users are advised to update security patches as soon as possible. According to TRM Labs data, over 80% of the $2.1 billion in stolen encrypted assets in the first half of 2025 were due to infrastructure attacks such as private key theft, mnemonic word theft, and front-end hijacking. According to Chainalysis data, the total loss from cryptocurrency theft in 2024 exceeded 3.41 billion US dollars, and the proportion of personal wallet theft increased from 7.3% in 2022 to 44% in 2024.
+6
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads