Ledger’s Donjon research team has identified security vulnerabilities in MediaTek processors (commonly used on Android phones) that allow malicious actors to steal users’ phone pins and their crypto seed phrases within seconds. The attack is said to occur even when devices are switched off.
The team conducted a proof-of-concept test, where they successfully obtained sensitive information pertaining to several software (a.k.a hot) crypto wallets. Victims included Trust Wallet, Kraken Wallet, and Phantom.
Charles Guillemet, the Chief Technology Officer at Ledger hardware wallet company, noted the development as a “reminder that smartphones aren’t built for security.”
Guillemet added that it could have affected “millions” of Android phones, since they dominate global use due to economic and availability factors.
Following the report, MediaTek took action to fix the bug, while Trust Wallet introduced a new security feature preventing crypto address tampering.
Hardware/cold wallets, such as Ledger and Trezor, have gained a reputation for providing better security to cryptocurrencies as compared to software wallets. This is because they utilize chips that are separate from the phone’s main processor.
Still, at 78% global use, hot wallets are the dominant choice among crypto holders due to their cost efficiency and ease of use.
Even then, users of cold storage have fallen victim to crypto theft through social engineering, supply chain tampering, physical device extraction, and blatant recklessness.
A good example of the latter is the South Korean Tax Service, which accidentally posted the seed phrase to a seized crypto hard wallet. An example of brute force or wrench attacks is the recent case of the French couple who were robbed of almost $1 million in Bitcoin.
As for operating systems, iOS users have not been fully spared, with the Coruna vulnerability mining sensitive cryptocurrency information on older iOS versions.
User keys can still be stolen when running a node, so perhaps multisig wallets are one of the most “fireproof” methods of storing cryptocurrencies.
CoinPedia has been delivering accurate and timely cryptocurrency and blockchain updates since 2017. All content is created by our expert panel of analysts and journalists, following strict Editorial Guidelines based on E-E-A-T (Experience, Expertise, Authoritativeness, Trustworthiness). Every article is fact-checked against reputable sources to ensure accuracy, transparency, and reliability. Our review policy guarantees unbiased evaluations when recommending exchanges, platforms, or tools. We strive to provide timely updates about everything crypto & blockchain, right from startups to industry majors.
All opinions and insights shared represent the author's own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.
Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.
Something is shifting in how serious money thinks about digital assets. Juan Leon, Senior Investment…
In recent crypto news, Flare launched an FXRP/USDH market on Hyperliquid to improve its cross-chain…
Most blockchains burn tokens to reduce supply. Pi Network is taking a different route, and…
Bitcoin slipped below $76,000 after Iran closed the Strait of Hormuz, prompting caution across global…
A security incident at Kelp, a liquid restaking protocol, has sent ripple effects through decentralised…
As of this week, Cardano is entering a key network upgrade phase with the Van…
