Solana Seeker chip exposes fatal vulnerability! Ledger reveals electric shock can steal private keys and cannot be fixed

Paris security lab Ledger Donjon has released research indicating that millions of Android smartphones equipped with the MediaTek Dimensity 7300 chip have an unpatchable Boot ROM vulnerability. The crypto phone Solana Seeker also uses this processor. Researchers exploited this flaw using Electromagnetic Fault Injection (EMFI) to gain the highest privilege level, EL3, allowing them to read encrypted wallet private keys.

Boot ROM Flaw: Security Checks Fail at Boot-Up

The Boot ROM is the only executable code at chip startup, akin to a hardware DNA. Ledger Donjon’s official blog explains that if an attacker injects a specific electromagnetic pulse within the first few microseconds of the MediaTek chip’s boot process, security checks can be momentarily bypassed, enabling arbitrary code execution at the EL3 level. EL3 (Exception Level 3) is the highest privilege level in ARM architecture, where code can access all system resources, including cryptographic keys stored in secure areas.

Because Boot ROM is hardcoded into the silicon wafer during chip manufacturing, MediaTek cannot patch this vulnerability through firmware updates. This is fundamentally different from software vulnerabilities, which can be fixed via updates. Hardware-level flaws are permanent. The only way to eliminate the risk is to replace the entire chip, which is impossible for the millions of devices already sold.

This unfixable nature makes the Dimensity 7300 chip’s security risk especially severe. MediaTek acknowledges the vulnerability but claims it is “out of scope” for their threat model, since the Dimensity 7300 targets multimedia, AI, and daily applications—not banking vaults. While technically valid, this defense is clearly a design oversight for the Solana Seeker, which is positioned as a crypto asset management phone but uses a “non-bank-grade” processor.

The attack window for the Boot ROM vulnerability is extremely brief. Researchers must precisely time the chip’s boot sequence and inject the electromagnetic pulse within a specific few microseconds. This attack requires highly specialized equipment and technical expertise, including oscilloscopes, EM pulse generators, and precise timing systems. For ordinary thieves, this attack is too difficult and not cost-effective. However, for professional criminal teams targeting high-value crypto assets, this attack is entirely feasible.

Practical Threat Assessment of EMFI Attacks

While this attack requires physical access to the device and specialized equipment—unlike remote “zero-click” exploits—its threat is real. In lab conditions, the success rate per EM injection attempt is only 0.1% to 1%. This seems low, but automated systems can try thousands of times in minutes. Assuming a 0.5% success rate, 1,000 attempts yield a cumulative success probability of about 99.3%. This means that with enough time and equipment, attackers can almost certainly succeed.

For average users, phone theft mostly poses a hardware resale risk. Thieves usually quickly wipe and resell devices, not bothering to crack user data. However, for crypto whales with substantial holdings, the situation is entirely different. If a Solana Seeker owner is known to hold millions in crypto, professional criminals may specifically steal the phone and use EMFI equipment to attack it.

This means that if private keys are stored on the phone, attackers have a chance to physically breach it and obtain the highest system privileges. Once EL3 is obtained, attackers can bypass all software-level security measures, including passcodes, biometrics, and wallet protections. Passcodes and fingerprints are no longer the last line of defense since they operate at the software layer, while EL3 privilege can directly read raw private keys stored in secure regions.

Five Key Features of EMFI Attacks

Requires physical access: Direct access to the phone’s motherboard is necessary; cannot be performed remotely

Specialized equipment required: Expensive tools like EM pulse generators and oscilloscopes are needed

Low per-attempt success rate: Each attempt has only a 0.1% to 1% success rate

Automatable and repeatable: Automated systems can attempt thousands of times within minutes

Targets high-value assets: Economically viable only for targets with substantial holdings

Ledger’s report highlights the value of external hardware wallets, arguing that only dedicated secure elements can separate performance and security. Ledger’s own hardware wallets use specially designed Secure Elements, chips built to protect keys and resist physical attacks. Even with EMFI or other physical attacks, Secure Elements can detect anomalies and self-destruct or lock down to prevent key leakage.

The Fundamental Difference Between Consumer Chips and Secure Elements

The MediaTek Dimensity 7300 is a consumer-grade mobile processor, prioritizing performance, power efficiency, and cost—not bank-grade security. This is not MediaTek’s fault, but a result of its market positioning. Consumer chips must remain cost-competitive and cannot afford extensive physical security design like dedicated secure chips.

By contrast, dedicated secure elements such as those used by Ledger employ multilayered physical protections. These include metal mesh layers for intrusion detection, voltage and clock monitoring for abnormal operations, temperature sensors to resist extreme environments, and active defenses that wipe sensitive data upon attack detection. These designs make the cost of successfully extracting keys extremely high, even for attackers with expensive equipment and expertise.

Solana Seeker is marketed as a crypto phone, but using a consumer-grade processor is a fundamental contradiction. The core selling point of a crypto phone is security, but its hardware foundation cannot provide protection comparable to professional hardware wallets. Seeker includes a Seed Vault feature, a software-level security mechanism to protect private keys. However, when the underlying chip has vulnerabilities that can be bypassed by physical attacks, software protections become fragile.

As for whether Solana Seeker’s Seed Vault is affected by this vulnerability and whether it impacts device security, there is currently no official information or response. This silence has led to sporadic community questioning, and further confirmation is needed. The Solana Foundation and Seeker’s manufacturer need to publicly explain how they assess the practical impact of this vulnerability on user asset security.

$2.17 Billion Stolen This Year & Segmented Asset Management Advice

From early 2025 to now, global crypto service platforms have lost $2.17 billion to theft, surpassing the total for all of 2024. Facing both theft and hardware vulnerability risks, cybersecurity expert Eric cautions: “If your safe’s key is made of plastic, you can’t blame the thief for melting it with a lighter.” This analogy aptly describes the current situation: using a consumer chip to protect large crypto assets is like guarding a vault with a plastic key.

He advises users to move large sums to offline cold wallets, keeping only daily spending amounts on phones. This asset segmentation strategy is fundamental to crypto security. Similar to traditional finance, where people don’t carry all their cash in their wallet but store most in a safe deposit box, hardware cold wallets are the vault, and mobile hot wallets are for daily use.

Three-Tier Architecture for Segmented Crypto Asset Management

Cold wallet storage: 90%+ of assets stored offline in hardware wallets like Ledger or Trezor

Mobile hot wallet: Only 5%-10% kept for daily transactions and DeFi interactions

Exchange accounts: No more than 5% for active trading, with maximum security settings enabled

For institutional investors, reassessing the role of mobile devices in risk management and introducing multisig and hardware isolation has become industry consensus. Institutions managing tens or hundreds of millions in crypto cannot rely on a single mobile wallet. Multisig requires multiple independent devices to sign off on transactions; even if one device is compromised, assets remain safe. Hardware isolation means private keys are managed on a dedicated offline device, never exposed to the internet.

Ledger’s research highlights a harsh reality: in crypto, security is always the highest priority, and convenience must take a back seat. Solana Seeker aims to offer convenient mobile crypto asset management—a compelling vision, but if the underlying hardware has fundamental security flaws, this convenience could become a seed for disaster.