Skip to main content

45 Seconds to Drain Your Wallet: Inside Ledger's MediaTek Dimensity 7300 Exploit

· 9 min read
Dora Noda
Dora Noda
Software Engineer

Plug a USB cable into a Nothing CMF Phone 1. Wait 45 seconds. Walk away with the seed phrase to every hot wallet on the device.

That is not a theoretical threat model. It is a live demo Ledger's Donjon research team published on March 11, 2026, targeting MediaTek's Dimensity 7300 (MT6878) — a 4nm system-on-chip shipping in roughly a quarter of Android phones worldwide, and the exact silicon Solana's flagship Seeker handset was built around. The flaw lives in the chip's boot ROM, the read-only code that runs before Android even loads. It cannot be patched. It cannot be mitigated by an OS update. The only fix is a new chip.

For the tens of millions of users who trust their smartphone as a crypto wallet, this is the moment the "mobile-first self-custody" narrative collided with the physics of silicon.

What Ledger's Donjon Actually Found

The attack is a textbook electromagnetic fault injection (EMFI), executed with lab gear but published as a reproducible recipe. Researchers placed an EM pulse probe above the Dimensity 7300 while the phone cold-booted, then timed a pulse to coincide with the boot ROM's memory-access checks. One well-placed pulse flipped a handful of bits at exactly the right moment and escalated execution into EL3 — the ARM architecture's highest privilege level, above the kernel, above the hypervisor, above every software-enforced boundary on the chip.

From EL3, everything else is downstream. The attacker can:

  • Read the device encryption keys stored in hardware
  • Decrypt the flash storage
  • Extract Android's lock-screen PIN
  • Dump any wallet seed protected only by that PIN

Ledger's team confirmed successful extractions on Trust Wallet, Kraken Wallet, Phantom, Base Wallet, Rabby, and Tangem's mobile wallet. End-to-end, the Donjon plugged in a Nothing CMF Phone 1 over USB and had the seeds in under 45 seconds.

The only precondition is physical access to an unlocked-or-locked phone and a USB cable. No zero-day on the OS, no social engineering, no malware, no user interaction.

Why a Boot ROM Bug Is a Civilization-Scale Problem

Most vulnerabilities disclosed in 2026 ship with a CVE and a patch the same week. This one does not — and it structurally cannot.

The boot ROM is fused into the silicon at the foundry. It runs first, before the bootloader, before the trusted execution environment, before any code that MediaTek or Google or Samsung could update over the air. Once a chip leaves the factory, its boot ROM is immutable. An exploit in that code is, for the life of the device, a permanent keyhole.

Researchers estimate the Dimensity 7300 and its close relatives sit inside roughly 25% of Android phones globally, including models from Samsung, Motorola, Xiaomi, POCO, Realme, Vivo, OPPO, Tecno, and iQOO. That is hundreds of millions of devices that will never receive a software fix for this issue — they age out of the market instead.

The Solana Seeker Problem

The most uncomfortable detail for crypto-native users: the Solana Seeker, marketed as a "Web3 phone" and sold with direct custody of seed phrases as a core feature, runs on the Dimensity 7300.

Solana Mobile's design concentrates value exactly where this exploit lands. The Seeker keeps private keys in what it calls the "Seed Vault," a hardware-backed keystore on the main application processor — the same processor whose boot ROM can now be bypassed via an EM pulse. Seed Vault leans on Android's TEE and the SoC's hardware-backed keystore, both of which sit beneath EL3. If an attacker reaches EL3 via the boot ROM, the entire keystore threat model inverts: the "secure" zone is under the attacker's control.

Solana Mobile has not, as of this writing, issued an updated threat model. But the design choice is now public: a Web3 phone that stores keys on a consumer-grade SoC is no more hardened than any other Android handset using the same silicon.

MediaTek's Response: "Out of Scope"

MediaTek's official statement to the security press was surprisingly candid. The company said EMFI attacks were "out of scope" for the MT6878 because the chipset was designed as a consumer-grade component, not a financial-grade secure element. For products requiring higher security — explicitly naming hardware crypto wallets — MediaTek said designers should "include appropriate countermeasures against EMFI attacks."

Translation: this chip was never supposed to be a vault. The industry built vaults on top of it anyway.

That framing is technically correct and strategically devastating. It means every Android crypto wallet, every mobile passkey, every in-phone key store is now operating outside the vendor's own declared security model whenever a Dimensity 7300 is in the BOM.

What a Real Secure Element Looks Like

The entire point of a dedicated secure element (SE) chip — the EAL6+ and EAL7-certified silicon inside Ledger's own hardware wallets, YubiKeys, SIM cards, and payment cards — is to survive exactly the class of attack Donjon just demonstrated. Secure elements are designed with:

  • Active shields that detect probe attempts and wipe the chip
  • Voltage and clock glitch detection on every clock cycle
  • Light and EM sensors that trip tamper flags
  • Randomized internal clocks that make timed fault injection statistically impractical
  • Redundant execution of sensitive operations with cross-checks

Consumer-grade SoCs like the Dimensity 7300 have none of this. They are optimized for performance-per-watt and die area, not for surviving a researcher with an EM probe and patience. The cryptographic operations they perform happen in general-purpose compute surrounded by software-enforced boundaries — which, as Donjon proved, bend under physical attack.

This is the line Ledger drew in its own disclosure: secure elements remain necessary for anyone doing self-custody or sensitive cryptography, precisely because they are engineered against hardware attacks. It is a self-serving statement from a hardware wallet vendor, and it is also correct.

Which Users Actually Need to Act

Not every Dimensity 7300 owner is a crypto whale. The practical risk model matters:

High risk — act now:

  • You store more than you could afford to lose in a hot wallet on an affected phone
  • Your phone is occasionally out of your direct control (travel, repair shops, border crossings, shared households)
  • You use a Solana Seeker as your primary custody device
  • You rely on mobile passkeys protecting high-value accounts (exchanges, email, cloud storage with recovery keys)

Medium risk — plan a migration:

  • You hold long-tail assets in mobile hot wallets with a Dimensity 7300 or related MediaTek SoC
  • You carry the device through environments where targeted theft is plausible

Lower risk:

  • Funds are already held on a dedicated secure-element hardware wallet (Ledger, Trezor Safe, Coldcard, Keystone, etc.)
  • Mobile wallet balances are small and treated as hot-wallet float

For anyone in the first two tiers, the move is the same as it has always been: get funds behind a dedicated secure element. Migrate large balances to a hardware wallet whose entire reason for existing is to resist physical attacks. Treat mobile wallets as spending accounts, not savings accounts.

The Broader Lesson for Web3 Infrastructure

This disclosure lands in the middle of a years-long architectural argument. One camp — Solana Mobile, smartphone-integrated wallets, passkey maximalists — has argued that ubiquitous consumer silicon is "good enough" and that the UX win of a single device justifies the security tradeoff. The other camp — Ledger, Trezor, the hardware-wallet old guard — has insisted that self-custody requires purpose-built silicon.

Donjon's 45-second demo is not the end of that argument, but it is a decisive data point. The cost of an EMFI rig has dropped from six figures a decade ago to something a well-funded research lab or organized criminal group can assemble today. When the floor of practical attacks drops, the ceiling of acceptable silicon rises. Consumer SoCs that were "probably fine" in 2020 are now documented to fail in under a minute.

For builders, the takeaway is sharper: any architecture that asks a user's general-purpose phone to act as the final vault has inherited a class of unpatchable risk. Multi-party computation, threshold signatures, social recovery, and dedicated secure elements are not paranoia — they are the hedge against exactly this kind of silicon-level surprise.

Looking Ahead

MediaTek will not fix this. No OTA can. The Dimensity 7300 will keep shipping until its product cycle ends, and the installed base will remain exposed for years. Expect three things to follow:

  1. A quiet migration of crypto-native users off Android hot wallets and onto hardware wallets or MPC-based services, visible first in support-ticket volume and second in on-chain flows out of mobile-wallet-associated addresses.
  2. A repricing of "Web3 phone" narratives, with Solana Seeker forced to publish an updated threat model or pivot its custody architecture toward an external secure element.
  3. More disclosures. Donjon rarely publishes alone — if the Dimensity 7300 fell in 45 seconds, other consumer SoCs currently marketed as safe for key storage deserve the same scrutiny, and will get it.

The phone in your pocket is an extraordinary computer. It is not a vault. The sooner that distinction is reflected in how the industry builds custody, the fewer 45-second disasters we will read about in 2027.

BlockEden.xyz provides enterprise-grade blockchain infrastructure across Sui, Aptos, Ethereum, Solana, and more — the kind of foundation where the threat model is documented, the silicon is purpose-built, and the failure modes are known. Explore our API marketplace to build on infrastructure designed to last.

Sources

Share on Twitter