Svmuu News: Donjon, Ledger’s security research team, has discovered a vulnerability in the secure boot chain of MediaTek processors. Allowing an attacker, with physical access to the phone, to extract encryption keys via a USB connection before the operating system loads, decrypt the device storage, and obtain the device PIN and crypto wallet mnemonic phrases in approximately 45 seconds. In proof-of-concept testing, the vulnerability successfully extracted sensitive data from wallet apps such as Trust Wallet, Kraken Wallet, and Phantom. Researchers indicate that the vulnerability may affect approximately 25% of Android phones, specifically models using MediaTek chips and the Trustonic Trusted Execution Environment. Charles Guillemet, CTO of Ledger, stated that smartphones were never designed to be vaults. While the vulnerability can be fixed with a patch, it highlights the inherent risks of storing keys on non-secure devices, and he advised users to apply security patches as soon as possible. According to TRM Labs data, of the $2.1 billion in crypto assets stolen in the first half of 2025, over 80% resulted from infrastructure attacks such as private key theft, mnemonic phrase theft, and front-end hijacking. Chainalysis data shows that losses from crypto thefts exceeded $3.41 billion in 2024, with the proportion of thefts from personal wallets rising from 7.3% in 2022 to 44% in 2024.