Ledger research exposes MediaTek Boot ROM and WebView flaws that enabled Android wallet seed theft


Ledger’s Donjon security team disclosed that it had uncovered a hardware flaw in MediaTek processors, alongside related weaknesses in Android’s WebView, that together created a path for attackers to extract wallet recovery seeds from vulnerable phones. The research showed that the combination of chip-level and software-level weaknesses could break through protections many users assume are sufficient for mobile wallet security.

What makes the finding especially serious is the speed and depth of the attack chain. In Ledger’s testing, attackers were able to expose recovery phrases and encryption keys in as little as 45 seconds, turning a brief compromise window into a potentially catastrophic wallet event for affected users.

A hardware weakness at the root of the problem

At the center of the research is a Boot ROM vulnerability in MediaTek chips, particularly the Dimensity 7300 family, that weakens the secure boot process before the operating system even starts. Because the issue sits in immutable Boot ROM code, it cannot be fully corrected through an ordinary software patch.

Ledger found that an attacker with physical access to a vulnerable device could interfere with startup using techniques such as voltage glitching or electromagnetic interference. That interference can force the processor to skip security checks and escalate privileges high enough to extract full-disk encryption keys before Android has fully loaded.

The practical reach of the issue is not marginal. Ledger’s estimate suggests that as many as 25% of Android phones using affected MediaTek chips could fall within the broader impact range, especially among budget and mid-range devices. Among the examples confirmed as susceptible were the Nothing CMF Phone 1 and the Solana Seeker.

The risk also extends directly into wallet usage. Ledger demonstrated that wallet applications including Trust Wallet, Kraken Wallet, and Phantom were vulnerable to seed extraction when used on affected devices under these hardware-compromise conditions.

WebView weaknesses widen the attack surface

The hardware issue was only part of the picture. Ledger’s research also identified WebView-based attack paths that do not require a hardware exploit at all, making the threat broader than a purely physical-device scenario.

According to the findings, malware such as SeedSnatcher can abuse phishing overlays and Android’s “Display over other apps” permission to intercept user input or present convincing fake wallet interfaces. In those cases, the attack relies less on breaking the device and more on tricking the user inside a trusted-looking environment.

Ledger also pointed to weaknesses in JavaScript bridges, exposed deep links, and policy gaps in privileged browser panels. Those design and configuration problems can allow malicious content injection inside WebView-hosted wallet flows, creating a route to capture recovery phrases displayed during setup or recovery.

Google distributes Android System WebView updates through the Play Store, but the protection only works when users actually install them. Ledger made clear that devices running outdated WebView versions remain exposed to software-only attacks that can be delivered remotely or through malicious applications.
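The overlay, JavaScript-bridge, deep-link and outdated-WebView points above translate into app-side controls a wallet can enforce before it renders a recovery phrase. The Kotlin below is an added example written for this article, not code from Ledger's report or from any wallet vendor; the WebView version threshold, the bridge name `"Android"` and the `wallet.example` origin are placeholders, since the article gives no such values.

```kotlin
// Added example: defensive checks around a WebView-hosted recovery-phrase screen.
// MIN_WEBVIEW_MAJOR, the bridge name and the allowlisted host are hypothetical.
import android.app.Activity
import android.view.MotionEvent
import android.view.WindowManager
import android.webkit.WebResourceRequest
import android.webkit.WebView
import android.webkit.WebViewClient

object SeedFlowGuard {
    private const val MIN_WEBVIEW_MAJOR = 120            // placeholder threshold
    private val allowedHosts = setOf("wallet.example")   // hypothetical origin

    /** Refuse to show the seed screen on an outdated Android System WebView. */
    fun webViewIsCurrent(): Boolean {
        val pkg = WebView.getCurrentWebViewPackage() ?: return false
        val major = pkg.versionName?.substringBefore('.')?.toIntOrNull() ?: return false
        return major >= MIN_WEBVIEW_MAJOR
    }

    /** Harden the activity and the WebView that renders the recovery phrase. */
    fun harden(activity: Activity, webView: WebView) {
        // Block screenshots and screen recording of the phrase.
        activity.window.addFlags(WindowManager.LayoutParams.FLAG_SECURE)

        with(webView.settings) {
            javaScriptEnabled = false     // no bridge surface for injected content
            allowFileAccess = false
            allowContentAccess = false
            safeBrowsingEnabled = true
        }
        // Drop any bridge object a generic WebView setup may have registered.
        webView.removeJavascriptInterface("Android")

        // Keep navigation on the allowlisted origin so an exposed deep link
        // cannot steer the flow to attacker-controlled content.
        webView.webViewClient = object : WebViewClient() {
            override fun shouldOverrideUrlLoading(view: WebView, request: WebResourceRequest): Boolean =
                request.url.host !in allowedHosts   // true = block the load
        }

        // Ignore taps delivered while another window is drawn over this one
        // ("Display over other apps" overlays), fully or partially.
        webView.filterTouchesWhenObscured = true
        webView.setOnTouchListener { _, ev ->
            ev.flags and (MotionEvent.FLAG_WINDOW_IS_OBSCURED or
                    MotionEvent.FLAG_WINDOW_IS_PARTIALLY_OBSCURED) != 0
        }
    }
}
```

Call `webViewIsCurrent()` before navigating to the seed screen and `harden()` on the hosting activity; the obscured-touch flags and `getCurrentWebViewPackage()` need API 29 and 26 respectively.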

Why the findings matter for wallet operations

A short period of physical access to a vulnerable phone may be enough for an attacker to extract secrets and empty wallets, especially when recovery phrases or sensitive wallet operations are handled on the device.

The findings go beyond consumer hygiene and reach policy design. The research changes the risk profile of mobile signing and hot-wallet usage by showing that a phone can fail at both the hardware and application layers in ways that standard software defenses cannot fully stop.

The strongest takeaway from the report is operational rather than theoretical. Immediate WebView and app updates, stricter physical-device controls, a refusal to store seed phrases on general-purpose phones, and greater reliance on dedicated hardware wallets or segregated custody are the clearest responses to the risks Ledger described.
