Android Security Flaws Expose Crypto Wallets to Theft
A critical security vulnerability in MediaTek chips, affecting approximately 25% of Android devices, allows attackers with physical access to extract sensitive data, including crypto wallet seed phrases and PINs, in under a minute. Discovered by Ledger’s security team (Donjon) and initially reported to MediaTek in May 2025, the flaw resides in the boot ROM and bypasses Android’s security measures even before the operating system loads. Exploitation involves manipulating voltage during startup via a USB connection. While MediaTek released a patch in January 2026, users must install the latest security updates to be protected. Affected wallets include Trust Wallet, Kraken Wallet, and Phantom. Separately, the Bonk.fun platform suffered a domain hijacking resulting in a wallet drainer, causing significant losses for some users. In contrast, Mastercard launched a Crypto Partner Program with over 85 industry players, signaling growing integration of digital assets into traditional finance. XRP ETFs have also seen substantial inflows, with Goldman Sachs leading institutional holdings. These events highlight the ongoing security challenges and increasing institutional interest in the crypto space.
Key Points
- 1MediaTek chip vulnerability allows rapid extraction of crypto wallet data.
- 2Bonk.fun platform compromised by hackers, leading to wallet drains.
- 3Mastercard expands crypto partnerships, indicating mainstream adoption.
Market Impact
The MediaTek vulnerability erodes trust in mobile crypto wallet security, potentially driving users towards hardware wallets. Mastercard's initiative and positive ETF inflows suggest continued institutional investment in the crypto market despite ongoing security concerns.