MediaTek Flaw Exposes Millions of Android Phones to Crypto Theft Risks
A major security flaw in MediaTek processors has left millions of Android phones vulnerable to crypto theft. The issue, uncovered by Ledger's Donjon research team, allows attackers to extract sensitive data—even when devices are powered off. Experts warn that both software and hardware wallets remain at risk despite their security features.
The vulnerability, identified as CVE-2026-20435, was exposed on March 12, 2026. It affects roughly one in four Android devices globally, primarily entry-level and mid-range smartphones. Brands like Samsung, Oppo, Vivo, OnePlus, and Nothing are among the most impacted due to their reliance on MediaTek chips.
Attackers exploiting this flaw can steal phone PINs and crypto seed phrases within minutes. Proof-of-concept tests confirmed successful breaches against popular software wallets, including Trust Wallet, Kraken Wallet, and Phantom. Even iOS users faced risks earlier, as demonstrated by the Coruna vulnerability targeting older Apple devices. Hardware wallets, such as Ledger and Trezor, are generally more secure because they store private keys on separate chips. However, they are not foolproof. Social engineering, supply chain attacks, or physical extraction can still compromise them. Charles Guillemet, Ledger's CTO, highlighted the scale of the threat, noting that Android's global dominance puts millions at risk. For enhanced protection, experts recommend multisignature (multisig) wallets, which require multiple authorisations for transactions.
The MediaTek vulnerability underscores persistent risks in crypto storage, regardless of wallet type. Users are advised to update their devices and consider additional security measures like multisig setups. Without patches, affected Android phones remain exposed to potential theft of sensitive financial data.
