Ledger Donjon Finds MediaTek Flaw Exposing Android Wallet Seeds
The post Ledger Donjon Finds MediaTek Flaw Exposing Android Wallet Seeds appeared on BitcoinEthereumNews.com.
Ledger Donjon exposed a MediaTek vulnerability that extracts Android wallet seed phrases in under 45 seconds, affecting millions of devices. CVE-2025-20435. Ledger Donjon has uncovered a serious MediaTek vulnerability. It lets attackers pull wallet seed phrases from Android phones in seconds. The phone does not even need to be on. Charles Guillemet, posting as @P3b7_ on X, broke the findings publicly. He confirmed that @DonjonLedger had once again discovered a flaw with serious reach. According to Guillemet on X, user data, including PINs and seed phrases, can be extracted in under a minute, even from a powered-off device. The scale here matters. Millions of Android phones run MediaTek processors. Trustonic’s Trusted Execution Environment is also caught in this. Your Phone Off Means Nothing Now As Guillemet tweeted on X, the Ledger Donjon team plugged a Nothing CMF Phone 1 into a laptop. Within 45 seconds, the phone’s foundational security was gone. No complicated setup. No special hardware. Just a laptop connection and a timer. Worth a read: Crypto security threats are rapidly escalating heading into 2026 The exploit never even touched Android. As Guillemet posted on X, the attack automatically recovered the PIN, decrypted device storage, and pulled seed phrases from the most popular software wallets. All before the operating system loaded. That is not a small gap. That is a structural failure. The Chip Architecture Problem Nobody Wanted to Admit General-purpose chips trade security for speed and ease. Guillemet made that point directly in his X thread. A dedicated Secure Element keeps secrets isolated from everything else on the device. MediaTek chips were not built that way. Trustonic’s TEE sits inside the same chip handling everyday tasks. Physical access collapses that boundary. You might also like: How 2025 became crypto’s most damaging year for security This is not the…
Filed under: News - @ March 13, 2026 1:10 am