Ledger warns MediaTek chip flaw enables private key theft

Ledger on Wednesday reported a hardware weakness in MediaTek’s Dimensity 7300 (MT6878) used in the crypto-focused Solana Seeker and other smartphones. The issue can be exploited with electromagnetic pulses during the chip’s boot process to gain full device control and access to private keys stored on the phone.

Security engineers Charles Christen and Léo Benito from Ledger described how electromagnetic fault injection during system initialization let them bypass the system-on-chip’s defenses. In their tests, the exploit delivered “full and absolute control over the smartphone, with no security barrier left standing.”

According to Ledger, the weakness is embedded in silicon and cannot be fixed with a software update or patch. The engineers reported a low per-attempt success rate of 0.1% to 1%, but noted that rebooting and attempting an injection roughly once per second can yield access within minutes. “There is simply no way to safely store and use one’s private keys on those devices,” they wrote.

MediaTek, in a response shared with Ledger, indicated that electromagnetic fault injection is out of scope for the MT6878. The company explained that the chipset is intended for consumer products rather than finance or hardware security modules and “is not specifically hardened against EMFI hardware physical attacks.” It added that products with higher security needs, such as dedicated crypto wallets, should implement countermeasures.

Christen and Benito began the research in February and achieved a working exploit in early May. The findings were provided to MediaTek’s security team, which then informed affected vendors.

The Solana Seeker is among devices built on the Dimensity 7300. Ledger’s team emphasized that any handset using this chip and storing private keys locally could be exposed, since the attack targets the boot sequence rather than a specific app or the operating system.

Crypto wallets depend on protecting private keys. If those keys are extracted from a phone, an attacker can authorize transactions and move funds. Ledger’s report highlights the risk of keeping private keys on general-purpose smartphones using the MT6878 versus using hardware designed to resist physical fault injection.

As we reported earlier, Ledger plans to raise capital in 2026 and is weighing a New York listing or a private round as demand for its hardware wallets increases. The Paris-based firm says 2025 is its best year yet, with revenue in the triple-digit millions and accelerating sales.

The buying surge follows $2.2bn in thefts in the first half of 2025, including the $1.5bn Bybit hack tied by analytics firms to North Korean actors, and a rise in wallet-draining, with about 23% of stolen funds taken from personal wallets.