Ledger said on Wednesday, March 11, that it has discovered a vulnerability that could affect as much as 25% of Android phones, letting hackers steal users’ private keys, according to a press release shared with The Defiant.
The hardware wallet company’s in-house white-hat security team, the Donjon, has disclosed a critical vulnerability in Android smartphones powered by MediaTek chips that allows an attacker to extract user data — including wallet seed phrases and PINs — in under a minute, even when the phone is off.
In a proof-of-concept test, the Donjon plugged a Nothing CMF Phone 1 into a laptop and, within 45 seconds, was able to recover the device's PIN, decrypt its storage, and extract seed phrases from six major crypto wallet apps: Trust Wallet, Base, Kraken Wallet, Rabby, tangem, and Phantom.
To continue reading this as well as other DeFi and Web3 news, visit us at thedefiant.io
