Researchers Expose Laser Attack That Resets Tangem Hardware Wallets
Security researchers at Ledger's Donjon team have demonstrated a sophisticated laser attack that can reset the password on Tangem crypto wallet cards without requiring the original password or a backup card. The attack works by firing a precisely timed laser pulse at the Samsung secure element chip inside the card, which disrupts a critical security check during the password reset process. This tricks the card into thinking it is in recovery mode when it is not, allowing the attacker to set a new password and gain complete control of the funds stored on the wallet.
While the vulnerability is real and affects every Tangem card ever made, the practical risk for most users remains extremely low. The attack requires physical possession of the card, approximately two hundred fifty thousand dollars worth of specialized laser equipment, and the ability to cut open the card and expose the chip, which leaves obvious physical damage. The process takes about two hours per card and cannot be performed remotely or without destroying the card's appearance. Additionally, because Tangem cards contain no identifying information about their owners or the value they hold, an attacker cannot know whether a stolen card is worth fifty dollars or fifty million dollars before committing to the expensive and time-consuming attack.
The core problem is that Tangem designed its cards to never accept firmware updates, marketing this immutability as a security feature. This means the discovered flaw cannot be patched, and every card currently in circulation will remain vulnerable forever. Tangem has pushed back against the findings, noting that the research comes from a competitor and that the attack targets secure element chips generally rather than being specific to their implementation. The company maintains that no funds have ever been lost to laser attacks on hardware wallets and that the practical risk for everyday users is virtually nonexistent given the cost and complexity involved.
The main concern is for users who have lost or had their Tangem cards stolen, particularly if those cards hold significant value. For these users, the password should no longer be considered adequate protection. Anyone in this situation should immediately transfer their funds using another card in their set or a recovery seed phrase if one was created. This incident is part of a broader pattern, as Donjon has also demonstrated similar laser attacks on other hardware wallets this year, including the Trezor Safe 7, though in that case the manufacturer was able to issue updates. For users who still possess their Tangem cards, the advice remains simple: keep the card physically secure, as the attack cannot be performed remotely and requires physical access to succeed.
Stay secure — stay Wavasec. 🔐