Researchers from the Donjon team at Ledger found a security issue in MediaTek processors. These chips are often found in Android smartphones.
According to them, this vulnerability allows attackers to obtain the phone’s PIN code and the crypto wallet’s seed phrase. It only takes a few seconds. Moreover, the attack is possible even when the device is turned off.
To verify this, the team conducted a practical test. As a result, they were able to access data from some hot crypto wallets.
Among the apps found to be vulnerable were Trust Wallet, Kraken Wallet and Phantom.
Theft of Cryptocurrency on Android
Charles Guillaume, CTO of Ledger, pointed out another smartphone security issue. According to him, such devices were not originally designed as a reliable place to store sensitive data, including crypto keys.
He noted that the discovered vulnerability could have affected millions of Android devices. This operating system remains the most widespread in the world, largely because smartphones based on it are cheaper and available in more countries.
See also: The BONK.fun Hack Led to the Launch of a Malicious Script to Steal Funds
After the vulnerability became known, MediaTek released an update to fix the issue. Trust Wallet also made changes to its security system and added a feature to prevent cryptocurrency address substitution.
Which Cryptocurrency Storage Method Is Considered Safe
Hardware or cold wallets like Ledger and Trezor are usually considered a more reliable option. They have their own storage architecture, which already gives them a security advantage.
But in practice, most people still choose hot wallets. It’s simpler: they are more convenient, faster, and cheaper. For this reason, most users prefer them.
However, cold storage does not protect against all problems. People lose access to funds due to scams, device swaps, theft of the wallet itself, or simply their own carelessness.
One of the most notable cases happened in South Korea. There, the tax service accidentally published the seed phrase from a seized hardware wallet.
Another example is a recent case in France. There, a couple had nearly $1 million in bitcoin stolen after a physical coercion attack, where attackers forced the victim to give access to their crypto wallet.
See also: The ECB Unveiled the Appia Roadmap for Central Bank Money on Europe’s Tokenized Markets
Security issues also occur at the operating system level. iOS users have also faced vulnerabilities. For example, the Coruna bug allowed sensitive cryptocurrency-related data to be accessed on older versions of iOS.
Even when running your own node, private keys can be stolen. That is why some experts consider multisignature wallets to be one of the most reliable ways to store cryptocurrency.
