Wallet

Security researchers at Ledger have identified a permanent vulnerability in MediaTek's Dimensity 7300 chip affecting multiple Android devices, including the Solana Seeker. The flaw exists in the chip's boot ROM and cannot be fixed through software updates. Attackers could exploit the vulnerability through electromagnetic fault injection to gain complete device control, according to the research team.

Washington state's Department of Financial Institutions issued a Temporary Cease and Desist Order against Bitcoin ATM operator Coinme on December 1, 2025. The Seattle-based company must halt money transmission services and return over $8 million to customers. The regulator alleges the firm illegally converted unredeemed customer funds into corporate revenue, violating the state's Uniform Money Services Act.

Solana Mobile will launch its SKR governance token in January 2026 with a total supply of 10 billion units, allocating 30% to airdrops for Seeker and Saga device holders. The announcement came hours after Ledger researchers disclosed a hardware vulnerability in the MediaTek Dimensity 7300 chip used in Seeker smartphones that could enable private key extraction through physical access. The token will implement 10% initial inflation declining to a 2% terminal rate, with distribution including 25% for growth initiatives and 15% for Solana Mobile.

Solana Mobile will release its SKR governance token in January 2026 with a fixed supply of 10 billion units. The allocation designates 30% for community airdrops targeting early adopters. Initial inflation stands at 10% annually, declining by 25% each year until reaching a terminal rate of 2%.

Ledger disclosed a permanent hardware vulnerability in the MediaTek Dimensity 7300 chip that powers the Solana Seeker smartphone. The flaw allows attackers with physical access to gain full device control and extract private keys. No software patch can resolve the issue, as the weakness is embedded in the chip's silicon.

Security researchers captured North Korean operatives in real time after deploying a honeypot workstation that mimicked a developer environment. The operatives, linked to the Lazarus Group's Famous Chollima division, used legitimate AI hiring tools and cloud services to establish trusted insider access rather than exploit code vulnerabilities. The operation revealed systematic use of job-automation software, VPN masking, and persistent remote-access protocols to bypass corporate security measures.

MetaMask launched Transaction Shield on December 3, 2025, a paid security feature offering up to $10,000 in monthly coverage for losses from approved transactions. The $9.99 monthly subscription targets signature-based scams across Ethereum, Arbitrum, Polygon, BNB Chain, and Base.

Circle has partnered with OpenMind to implement the x402 payment protocol for autonomous machine transactions using USDC stablecoin. The collaboration will integrate USDC into OpenMind's robotics and AI platform for microtransactions between AI agents. OpenMind secured $20M in funding led by Pantera Capital in August 2025, with the project currently in early development stages.

The Federal Deposit Insurance Corporation will publish proposed stablecoin oversight regulations under the GENIUS Act before year-end. Acting FDIC Chair Travis Hill said the agency will first establish an application framework for issuers seeking federal supervision this month. A separate proposal on prudential requirements will follow in early 2026.

South Korean exchange Upbit will restore deposit and withdrawal services on December 1, 2025, at 1 PM KST following a November 27 security breach that resulted in $36.8 million in losses. The platform will absorb all losses from its own reserves, ensuring no impact to customer funds. Authorities suspect the Lazarus Group orchestrated the attack using compromised administrator credentials.