Ledger Finds Popular Smartphone Chip Vulnerable to Unpatchable Attacks

An unpatchable flaw in a widely used smartphone chip developed by Taiwan-based MediaTek allowed researchers to take full control of the device through a precisely timed electromagnetic attack, according to new findings published on Wednesday by crypto wallet provider Ledger.

The vulnerable code sits in the chip’s boot ROM, the earliest stage of the startup process, meaning it cannot be corrected with a software update.

Ledger’s Donjon team examined the MediaTek Dimensity 7300 (MT6878), a 4-nanometer system-on-chip found in many Android phones.

By applying carefully timed electromagnetic pulses during the chip’s initial boot sequence, the researchers were able to bypass memory-access checks and escalate into EL3, the highest privilege level in the ARM architecture.

“From malware that users could be tricked into installing on their machines, to fully remote, zero-click exploits commonly used by government-backed entities, there is simply no way to safely store and use one’s private keys on those devices,” they wrote.

The report comes at a time when attacks targeting cryptocurrency holders are on the rise.

A July report by Chainalysis said over $2.17 billion has been stolen from cryptocurrency services so far in 2025; more than the entirety of 2024.

While physical attacks are growing, the majority of crypto-related thefts are perpetrated by hackers through phishing attacks or scams.

Once they identified the precise timing window, each attempt by the Donjon team took about a second and had a success rate of 0.1%-1%, allowing a full compromise within minutes under lab conditions.

While Ledger is best known for its popular Nano hardware wallets, it did not outright say not to use smartphone-based wallets. The report suggests a new threat vector targeting software developers and users.

Ledger did not immediately respond to requests for comment by Decrypt.

Hardware and software crypto wallets

A cryptocurrency wallet is software that stores a user’s public and private keys and lets them send, receive, and monitor digital assets.

Hardware wallets or “cold wallets” go a step further by keeping those private keys offline on a separate physical device, detached from the internet and shielded from attacks that can reach phones or computers.

Software wallets or “hot wallets” are apps that allow users to store their digital assets on a variety of devices, but leave the user open to hacks and phishing attacks.

MediaTek, in a statement included in Ledger’s report, said electromagnetic fault-injection attacks were “out of scope” for the MT6878 because the chipset was designed as a consumer-grade component rather than as a high-security module for financial or sensitive systems.

“For products with higher hardware security requirements, such as hardware crypto wallets, we believe that they should be designed with appropriate countermeasures against EMFI attacks,” they wrote.

Ledger said devices built on the MT6878 remain exposed because the flaw resides in unchangeable silicon.

Secure-element chips, the company added, remain necessary for users who rely on self-custody or handle other sensitive cryptographic operations, since those components are designed specifically to withstand both hardware and software attacks.

“Smartphones’ threat model, just like any piece of technology that can be lost or stolen, cannot reasonably exclude hardware attacks,” Ledger wrote. “But the SoCs they use are no more exempt from the effects of fault injection than microcontrollers are, and security should really ultimately rely on Secure Elements, especially for self-custody.”