Ledger Security Team Identified Permanent Hardware Flaw in MediaTek Chip That Exposes Crypto Wallet Keys
Ledger's Donjon research unit has confirmed a hardware vulnerability in MediaTek's Dimensity 7300 processor that lets an attacker with brief physical access to an Android phone extract stored crypto wallet seed phrases, private keys, and PINs. The flaw cannot be patched and affects devices already in circulation across major crypto markets including India and Nigeria.
The finding, first disclosed publicly on December 4, 2025 and receiving renewed attention in coverage published March 11, 2026, centers on a technique called Electromagnetic Fault Injection (EMFI). Ledger engineers Charles Christen, Léo Benito, and Baptistin Boilot demonstrated that a precisely timed electromagnetic pulse, delivered through a coil placed close to the chip during the boot process, can scramble security checks, deactivate the Memory Management Unit (MMU), escalate attacker privileges to the highest ARM processor execution level (EL3), and hand over full system control. Each attempt takes roughly one second, with a success rate of 0.1 to 1 percent per try. Under lab conditions, full device compromise takes only a few minutes.
The reason no software fix can address this is straightforward: the vulnerability sits in the chip's Boot ROM, a section of code etched into silicon during manufacturing. Over-the-air updates have no access to Boot ROM. Any device running the MediaTek Dimensity 7300 (also designated MT6878) will remain permanently exposed. Affected hardware confirmed or identified as likely vulnerable includes the Solana Seeker (a crypto-native Android phone marketed specifically for Web3 use), the POCO X7, and the Xiaomi Redmi Note 14 Pro 5G. Other Android phones running the same or closely related MediaTek chips are likely affected as well. MediaTek holds approximately 35 percent of the global smartphone processor market, a figure that underscores how broadly devices built on this architecture are distributed.
The vulnerability's disclosure followed a structured responsible disclosure process. Research began in February 2025. The Ledger Donjon team successfully demonstrated the exploit and privately notified MediaTek in May 2025, giving the chipmaker approximately seven months of advance notice before findings were made public on December 4, 2025.
Ledger's own hardware wallets are not affected. The vulnerability is specific to software-based hot wallets (apps that store keys directly on a general-purpose smartphone) rather than dedicated hardware wallets that use certified Secure Elements. The Donjon team was direct: "There is simply no way to safely store and use one's private keys on those devices," referring to phones that lack a dedicated Secure Element. The team added two further observations that frame the broader security posture: "Security should really ultimately rely on Secure Elements, especially for self-custody," and "Smartphones' threat model, just like any piece of technology, cannot reasonably exclude hardware attacks from consideration." MediaTek's official response stated: "Hardware EMFI attacks are out of scope for the MT6878 chipset. The chip was designed as a consumer-grade component rather than as a high-security module or hardware security module [HSM]." This position effectively places responsibility on device makers and end users rather than the chip designer.
The practical exposure is concentrated in two regions. India has roughly 110 million crypto wallet users, the largest count of any country globally. MetaMask, a widely used Ethereum-compatible wallet, commands about 63 percent of the Indian user base and is accessed almost entirely through Android apps. The POCO X7 and Redmi Note 14 Pro 5G, both running the vulnerable chip, sell in India at approximately 16,999 to 17,999 rupees (around $200), putting them squarely in the mid-range tier popular with urban users active in DeFi and token trading.
In Nigeria, the situation is even more concentrated: the country accounts for 12.7 percent of all global MetaMask users, the largest single-country share worldwide. Android controls over 85 percent of the African smartphone market, and mobile wallets are not a convenience feature in this context. For most users across West and East Africa, a smartphone running a software wallet is the only available interface for crypto participation. Nigeria, Kenya, and Ethiopia are all identified as key exposure markets in the region. Android Go has been pre-installed on over 40 million entry-level smartphones across these three countries, serving first-time internet users for whom a mobile software wallet is often the sole means of crypto participation. Hardware wallets such as Ledger Nano devices, priced between $79 and $249, remain economically out of reach for the majority of users in these markets.
The timing compounds an already deteriorating physical security environment. Confirmed physical attacks on crypto holders, known in industry shorthand as "wrench attacks" (violent, coercive theft), increased 75 percent in 2025, rising from 41 to 72 documented incidents and generating over $40.9 million in confirmed losses. Physical assaults including kidnappings jumped 250 percent compared to 2024. Asia accounts for roughly one-third of reported global incidents, and the available data patterns suggest significant underreporting in African markets. The EMFI technique requires only brief physical possession of a phone, not a prolonged confrontation, which lowers the bar considerably for opportunistic theft scenarios.
The tools the Ledger team used are open-source, so the attack is not limited to sophisticated state-level actors. The researchers used publicly available hardware components, including the Scaffold board and SiliconToaster, meaning the methodology is accessible to anyone with moderate technical knowledge and motivation.
The Solana Seeker's inclusion on the affected device list highlights a direct contradiction at the heart of its product positioning. The device was marketed as purpose-built for Web3, yet it runs a chip whose manufacturer has explicitly stated it is not appropriate for high-security financial applications. Whether MediaTek's "out of scope" framing will attract regulatory attention as crypto custody increasingly falls under formal financial oversight is, as an editorial matter, an open question with no confirmed regulatory development to date. For now, users holding meaningful on-chain value through mobile wallets on affected hardware have one practical mitigation available: migrating assets to a hardware wallet with a certified Secure Element. As a secondary measure, adding a passphrase (sometimes called a 25th word) to a standard 24-word seed phrase provides additional protection. The passphrase is never stored on the device itself and therefore cannot be retrieved from device storage through this attack method.
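Why the passphrase helps, as an added example that is not part of the original article or of Ledger's research: assuming the wallet follows the BIP-39 standard (an assumption; the article does not name it), the passphrase is mixed into the key-derivation salt, so the word list recovered from device storage derives a different wallet than the one actually holding funds. The mnemonic and passphrases below are constructed test values (the publicly documented BIP-39 test mnemonic), and `storage_only_seed_matches` is a hypothetical helper name.

```python
import hashlib
import hmac
import unicodedata

PBKDF2_ROUNDS = 2048  # iteration count fixed by BIP-39

# Constructed sample input: the public BIP-39 test mnemonic, never a real wallet.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def _nfkd(text: str) -> bytes:
    """BIP-39 requires NFKD normalization before UTF-8 encoding."""
    return unicodedata.normalize("NFKD", text).encode("utf-8")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Derive the 64-byte wallet seed.

    The mnemonic is the PBKDF2 password; the salt is the literal string
    "mnemonic" followed by the optional passphrase (the "25th word").
    """
    salt = b"mnemonic" + _nfkd(passphrase)
    return hashlib.pbkdf2_hmac(
        "sha512", _nfkd(mnemonic), salt, PBKDF2_ROUNDS, dklen=64
    )


def storage_only_seed_matches(mnemonic: str, passphrase: str) -> bool:
    """Hypothetical helper: does the mnemonic alone (all that device storage
    holds) already reproduce the seed the wallet really uses?"""
    from_storage = bip39_seed(mnemonic)          # no passphrase known
    real_wallet = bip39_seed(mnemonic, passphrase)
    return hmac.compare_digest(from_storage, real_wallet)


if __name__ == "__main__":
    for label, phrase in [("no passphrase", ""), ("with passphrase", "TREZOR")]:
        exposed = storage_only_seed_matches(TEST_MNEMONIC, phrase)
        print(f"{label}: seed recoverable from stored mnemonic alone = {exposed}")
    # Edge case: composed and decomposed Unicode forms of the same passphrase
    # must open the same wallet, which is why NFKD normalization is applied.
    same = bip39_seed(TEST_MNEMONIC, "caf\u00e9") == bip39_seed(TEST_MNEMONIC, "cafe\u0301")
    print("composed/decomposed passphrase give same seed:", same)
```

Once the mnemonic is known, the passphrase is the only remaining secret and BIP-39 stretches it with just 2048 PBKDF2 rounds, so a short or guessable passphrase adds little.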
This article reflects renewed public attention on research first disclosed on December 4, 2025. No new CVE has been issued in connection with this vulnerability as of publication.