Crypto wallet provider Ledger has identified a critical hardware vulnerability in a chip widely used in smartphones, including Solana’s Seeker device, that could allow attackers to gain complete control and steal private keys.
According to Ledger’s Donjon lab, the MediaTek Dimensity 7300 (MT6878) chip contains a fault injection flaw that cannot be fixed via software updates, leaving all devices using it permanently exposed.
Researchers Charles Christen and Léo Benito demonstrated that using electromagnetic fault injection (EMFI) during the chip’s boot sequence allows them to bypass security checks, access the boot ROM, and run code at the highest security level of the processor.
“There is simply no way to safely store and use one’s private keys on those devices,” Christen and Benito warned.
How the attack works
The attack requires physical access to the phone and specialized equipment. By sending rapid electromagnetic pulses at the chip during the earliest boot instructions, researchers forced it to skip security routines, eventually gaining control over memory, the boot process, and protected data.
While the success rate of each attempt is low (0.1% to 1%), repeated reboots allow an attacker to eventually achieve full control, putting crypto assets stored on the device at risk.
“Given that we can try to inject a fault every 1 second or so, we repeatedly boot up the device, try to inject the fault, and if the fault does not succeed, we simply power up the SoC and repeat the process.”
Unfixable hardware flaw
Ledger emphasized that the vulnerability is inherent to the chip’s hardware and cannot be patched through software.
“Users stay vulnerable even if the vulnerability is disclosed,” the researchers said.
Unlike software flaws, the issue is embedded in the silicon itself, meaning every device using the MT6878 remains exposed.
Chipmaker response
MediaTek acknowledged that EMFI attacks are “out of scope” for the MT6878, which was designed for general consumer smartphones, not for financial applications or hardware wallets. The company suggested that devices requiring high security should include countermeasures specifically designed to resist physical attacks.
“Like many standard microcontroller circuits, the MT6878 chipset is designed for use in consumer products, not for applications such as finance or HSMs (Hardware Security Modules),”
Smartphones are often used to store private keys, making hardware-level vulnerabilities especially concerning for crypto users. Ledger notes that early boot components such as the boot ROM and preloader are critical to device security. Compromising these areas gives attackers near-total control, a problem reminiscent of Apple’s checkm8 flaw in previous years.
The Seeker phone, designed to integrate Solana’s Web3 ecosystem, highlights the tension between mainstream mobile hardware and the security needs of blockchain users.
As blockchain-enabled devices gain popularity, Ledger’s warning serves as a reminder that hardware security must keep pace with the growing stakes of mobile crypto adoption.
Oleksii Shumak
Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource, and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice. HODL FM strongly recommends contacting a qualified industry professional.
