Critical MediaTek Flaw Lets Hackers Steal PINs and Wallets

Security researchers at Ledger's white‑hat Donjon team have uncovered a critical vulnerability in MediaTek chips that could allow attackers to extract PINs, messages, photos and even crypto wallet keys from affected Android devices.

According to the Donjon disclosure, the flaw sits at the chipset level and can be exploited to gain immediate access to sensitive data. More alarmingly, researchers say some attack scenarios can work while the phone appears to be switched off, because low‑power components remain active to handle background tasks like charging or alarms.

MediaTek supplies chips to a broad range of phone makers, which means the impact may be widespread. Donjon’s report suggests the bug could affect devices across multiple models and brands that use the vulnerable System-on-Chip (SoC) implementations. Ledger’s team emphasized that the issue is rooted in firmware and hardware interactions rather than a single app or operating system vulnerability.

For users, the upshot is straightforward but unsettling: data stored on a handset — including authentication PINs, messages, photos and cryptocurrency keys — could be exposed without obvious signs of compromise. Ledger and Donjon have reportedly coordinated responsible disclosure steps, but the complexity of distributing chipset firmware updates and vendor‑level patches means mitigation could take time.

If you’re concerned, basic precautionary steps are sensible: keep devices updated, avoid storing unrecoverable keys on phones when possible, and consider using hardware wallets or multi‑factor protections for high‑value accounts. Manufacturers and chipset vendors will need to issue firmware and software mitigations; carriers and OEMs also play a role in testing and rolling out fixes.

Donjon's finding is a stark reminder that underlying silicon still matters for end‑user security. As supply chains and device architectures grow more complex, vulnerabilities at the chip level can have sweeping effects — and patching them often requires coordination across multiple companies.