Ledger discovers vulnerability in cellphone chip that opens loophole for cryptocurrency theft

Source: PortaldoBitcoin Original Title: Ledger discovers flaw in cell phone chip that opens breach for cryptocurrency theft Original Link: An irreparable flaw in a widely used smartphone chip, developed by Taiwan-based MediaTek, allowed researchers to take full control of the device through a precisely timed electromagnetic attack, according to new findings published Wednesday by Ledger, a cryptocurrency wallet provider.

The vulnerable code resides in the chip’s boot ROM, the initial stage of the boot process, which means it cannot be fixed with a software update.

Ledger’s Donjon team examined the MediaTek Dimensity 7300 (MT6878), a 4-nanometer system-on-chip found in many Android phones.

By applying carefully synchronized electromagnetic pulses during the chip’s initial boot sequence, the researchers managed to bypass memory access checks and escalate to privilege level EL3, the highest in the ARM architecture.

“From malware that users can be tricked into installing on their machines, to fully remote, easily available exploits commonly used by government entities, there is simply no way to securely store and use [cryptocurrency wallet] private keys on these devices,” they wrote.

Once the precise timing window was identified, each Donjon team attempt took about one second and had a success rate of 0.1% to 1%, allowing for a full breach within minutes under laboratory conditions.

While Ledger is best known for its popular Nano hardware wallets, it did not explicitly say not to use smartphone-based wallets. The report suggests a new threat vector targeting software developers and users.

The report comes at a time when attacks against cryptocurrency holders are on the rise.

A Chainalysis report stated that over $2.17 billion has been stolen from cryptocurrency services so far in 2025, more than the entire year of 2024.

Although physical attacks are increasing, most cryptocurrency-related thefts are perpetrated by hackers through phishing attacks or scams.

Hardware and Software Cryptocurrency Wallets

A cryptocurrency wallet is a software that stores a user’s public and private keys and allows them to send, receive, and monitor digital assets.

Hardware wallets, or “cold wallets,” go a step further by keeping these private keys offline in a separate physical device, disconnected from the internet and protected from attacks that can target phones or computers.

Software wallets, or “hot wallets,” are applications that allow users to store their digital assets on various devices, but leave them vulnerable to breaches and phishing attacks.

MediaTek, in a statement included in the Ledger report, said that electromagnetic fault injection attacks were “out of scope” for the MT6878, as the chipset was designed as a consumer component, not as a high-security module for financial or sensitive systems.

“For products with higher hardware security requirements, such as hardware wallets for cryptocurrencies, we believe they should be designed with appropriate countermeasures against EMFI attacks,” they wrote.

Ledger stated that devices built with the MT6878 remain vulnerable because the flaw resides in immutable silicon.

Secure element chips, the company added, remain necessary for users who rely on self-custody or handle other sensitive cryptographic operations, as these components are specifically designed to withstand hardware and software attacks.

“The threat model of smartphones, just like any technology that can be lost or stolen, cannot exclude hardware attacks,” Ledger wrote. “But the SoCs they use are no more immune to fault injection effects than microcontrollers, and security must ultimately depend on Secure Elements, especially for self-custody.”