🔥BTC/USDT

Ledger researchers reveal laser attack on Tangem cards

Researchers from Ledger’s security division have disclosed a hardware-level vulnerability in Tangem wallet cards that can allow an attacker to reset a card’s password and take control of the wallet, but only after gaining physical possession of the card and using highly specialized laboratory equipment.

The attack relies on laser fault injection, a technique that uses a precisely aimed laser pulse to disturb the behavior of a chip at a critical moment. Ledger’s researchers said the method can bypass firmware checks inside Tangem’s secure element, allowing a new password to be created without the original password or a backup card.

If successful, the reset would give the attacker the ability to authorize transactions and move digital assets linked to the compromised card. The researchers said they reproduced the attack on multiple Tangem cards, with each successful replication taking about two hours once the required laboratory setup was in place.

The immediate risk to most cardholders appears limited because the method is invasive, expensive and technically demanding. It requires direct physical access to the card, chip-level manipulation, fault-analysis knowledge and laser equipment that Ledger estimated at roughly $250,000. The technique cannot be carried out remotely, through phishing, or by secretly interacting with a card that remains in a user’s possession.

Still, the disclosure raises broader questions about hardware wallet design, especially for devices that cannot receive firmware updates after they are shipped. Ledger’s team said affected Tangem cards cannot be patched through a software update, meaning every card built with the same design remains exposed to the same underlying weakness if it is lost, stolen or otherwise physically captured.

How the attack works

Tangem cards are designed as compact, card-shaped hardware wallets that store private keys inside a secure element. A secure element is a specialized chip built to protect sensitive data from extraction, tampering and many forms of side-channel attack.

In normal use, a Tangem card requires the correct password, or an approved recovery process, before sensitive operations can be performed. Ledger’s researchers said the weakness appears in the logic that verifies whether the card is in a valid recovery state.

According to the researchers, the attack begins by exposing the secure element inside the Tangem card. The attacker then uses a nanosecond laser pulse, aimed at a specific part of the chip, to create a short-lived fault during a security check. That fault causes the card to skip or misread a firmware validation step that should prevent an unauthorized password reset.

By interfering with the chip at that precise moment, the attacker can make the card accept a password-change operation even though the normal recovery conditions have not been met. In practice, this means the card can be placed under the attacker’s control without knowing the original password and without having access to a second approved recovery card.

Once the password is reset, the attacker can use the card in the same way as a legitimate holder. That includes signing blockchain transactions. If the compromised card controls funds, those assets can then be transferred to addresses controlled by the attacker.

Ledger’s team said the method was not a one-time laboratory accident. After first demonstrating the attack, the researchers reportedly reproduced it on two additional cards using the same equipment and procedure. Each replication took around two hours, showing that the method is repeatable once the attacker has identified the required fault-injection conditions.

Why the flaw cannot be patched

A central concern in the disclosure is that Tangem cards affected by the issue cannot be updated through firmware. Many hardware devices rely on software updates to fix logic flaws discovered after release, but some secure-element products are intentionally built with limited or no update capability.

That design can reduce the risk of malicious firmware changes and simplify security assumptions. However, it also creates a permanent problem if a flaw is later found in the chip’s logic, recovery process or access controls. Once the device is distributed, the weakness remains in circulation for as long as the product continues to be used.

Ledger’s researchers said this case shows how “read-only” or factory-sealed security designs can cut both ways. A device that cannot be changed after production may be resistant to certain software attacks, but it also cannot be repaired if the original design contains a mistake.

For everyday cardholders, the practical danger depends heavily on physical custody. A remote attacker cannot use this method from across the internet. A malicious website, infected phone or compromised computer cannot fire a laser into the secure element of a card sitting in a drawer. But if the card is stolen, seized, misplaced or intercepted, the lack of an update path means the defense must come from physical security and wallet structure rather than a later patch.

Ledger’s team recommended that future secure-element firmware include stronger and more layered protections around recovery and password changes. The researchers said firmware should use multiple independent validation checks, stronger state verification and protections that remain active even when recovery features are disabled.

The group also noted that a high certification rating does not automatically prevent this type of attack. Tangem has pointed to EAL6+ certification for its secure element, a level associated with rigorous evaluation. Ledger’s researchers said even highly rated chips can remain vulnerable to hardware-based fault injection if the logical safeguards around sensitive operations are not sufficiently redundant.

Tangem pushes back on real-world risk

Tangem responded by emphasizing the extreme requirements of the attack. The company said the described scenario requires full physical control of a card, laboratory-grade equipment and advanced technical skill, making the chance of exploitation against ordinary holders extremely low.

The company also pointed out that Ledger is a competitor in the hardware wallet sector and said that relationship should be considered when assessing the report. Competitive tension is common in cryptocurrency security disclosures, especially when one wallet maker evaluates another company’s product. Still, the technical claims stand apart from the business rivalry and focus on whether a secure element can be faulted into accepting an unauthorized password reset.

Tangem’s position is that the attack does not create a practical remote threat and does not undermine the safety of cards that remain physically secure. Ledger’s position is that the issue is significant because a stolen card should not be vulnerable to a password reset simply because an attacker has enough time and equipment.

Both points can be true at the same time. The attack is not simple, cheap or scalable. It is not the kind of method likely to be used against casual users with small balances. But for wealthy targets, businesses, funds, family offices, high-profile traders or anyone known to store substantial assets on a single physical device, the calculation is different. Sophisticated criminals have used expensive tools before when the potential reward was high enough.

Earlier findings add context

The latest disclosure follows earlier Tangem-related findings from the same Ledger security group. Those included a state-verification bypass in Tangem’s Android app and a weakness in the card’s authentication process that could allow faster password guessing under certain conditions.

In a previous study, Ledger’s testing showed that attackers could bypass internal safety delays and attempt roughly two and a half access codes per second. That speed may sound slow compared with online password cracking, but it matters for short or predictable codes. A weak PIN, repeated pattern or common phrase can still be tested quickly enough to create risk.

The researchers said a strong eight-character password using letters and numbers can dramatically reduce that threat. At a rate of about 2.5 guesses per second, a well-randomized eight-character alphanumeric code would take around 143 years to exhaust by brute force. That estimate assumes the password is not based on a dictionary word, name, date, repeated structure or other predictable pattern.

The new laser fault-injection report is different from a brute-force weakness because it targets the recovery and password-reset logic rather than guessing the existing password. Even so, both findings point to the same broader lesson: hardware wallets depend not only on strong cryptography, but also on careful implementation of every state change, recovery step and authentication rule.

A private key can remain mathematically safe while the system around it contains a practical failure point. In this case, the relevant question is not whether an attacker can break the cryptography. It is whether the attacker can force the device into a state where the device itself grants authority it should not grant.

Physical security becomes the main defense

Because the reported Tangem attack requires physical possession, the most important defense is straightforward: do not lose control of the card.

That may sound obvious, but physical custody habits often receive less attention than seed phrase backups, exchange account passwords or phishing warnings. Hardware wallets are frequently treated as safe by default because they keep keys offline. This disclosure shows that “offline” does not mean untouchable.

For traders holding meaningful sums, hardware wallets should be treated more like bearer instruments than ordinary electronics. If a device can authorize a transfer, possession matters. A stolen card, even without the password, may become more dangerous when the attacker has access to advanced tools.

Secure storage can reduce that risk before it begins. Placing backup cards, seed materials or recovery devices in bank vaults, professional custody boxes, or heavy home safes makes direct tampering far more difficult. A thief cannot run a laser fault-injection procedure on a card that never leaves secure storage.

Regular checks also matter. Security professionals often recommend confirming that critical storage items are still where they are supposed to be. Checking secure boxes at least twice a month can help detect a missing item early. If a hardware wallet or recovery card disappears, the safest response is to move funds immediately to fresh addresses controlled by new, uncompromised keys.

Speed is important after loss or theft. A laser-based attack requires setup time and expertise, but once a card is in hostile hands, the owner no longer controls the timeline. Moving assets before an attacker can complete a laboratory process is the cleanest way to remove the threat.

Reducing single-device risk

The disclosure also strengthens the case for not concentrating all digital assets behind one device, one card, or one chip design.

Spreading holdings across several independent storage systems can reduce the damage caused by a single hardware flaw. If one brand or model is later found to have a weakness, only part of the portfolio is affected. This approach is especially useful for traders and organizations managing larger balances.

Multisignature arrangements can provide even stronger protection. In a multisignature setup, one stolen device cannot move funds by itself. A transaction may require signatures from two of three devices, three of five devices, or another chosen threshold. That means an attacker who compromises one Tangem card would still need additional approved devices or keys before any transfer could be completed.

This does not remove the need for physical security. Multisignature devices and backups must also be stored carefully. But it changes the failure model. A single stolen card no longer equals immediate control over the wallet.

The same principle applies to recovery design. Backup cards, seed phrases and recovery shares should not all be kept in one location. If all recovery materials are stored together, a burglary, fire, flood or insider threat can compromise the entire setup. If they are spread across secure locations, the system becomes harder to defeat with one event.

Certification is not the whole story

The case also highlights a long-running debate in chip security: certification is valuable, but it is not the same as immunity.

Security certifications such as EAL ratings can indicate that a chip has passed formal evaluation under defined criteria. They can give traders and companies some confidence that a device has been tested against known classes of attack. But certifications are not guarantees that every product using that chip has implemented flawless logic around password resets, recovery states or transaction authorization.

Hardware-security researchers, including specialists such as Sergei Skorobogatov, have long warned that determined attackers study public documentation, patent filings, chip layouts and product behavior before attempting invasive attacks. They do not begin with a blank slate. They often build a detailed model of how a device should behave, then look for the exact moment where a fault can produce a useful result.

That is why layered defenses matter. A single check can fail. A single state flag can be skipped. A single recovery validation can be disturbed. Stronger designs require independent checks that do not all fail in the same way when a chip is hit with a laser pulse, voltage glitch or other fault-injection technique.

What cardholders should do now

Tangem users do not need to panic if their cards remain in their possession and are stored securely. The reported attack is not remote, not casual and not easy to execute. But the disclosure is a reminder that physical security is part of wallet security.

Users with small balances may reasonably decide that the risk remains remote. Traders holding larger sums should review how their cards are stored, how strong their passwords are, whether funds are concentrated on one device, and whether a multisignature setup would better match their risk profile.

If a Tangem card is lost or stolen, the safest move is to transfer funds to a new wallet immediately, using uncompromised backup access if available. Waiting to see whether the card “turns up” can create unnecessary exposure.

The broader takeaway is clear: hardware wallets reduce many online risks, but they do not eliminate the need for careful operational security. A secure chip, a strong password and offline storage are all useful, but none should be treated as a complete defense on its own.


Protect your assets beyond hardware wallets—learn essential crypto safety practices in this security guide today.

Disclaimer: The content on this page is provided for general informational purposes only and does not represent the views or financial advice of Toobit. We make no guarantees regarding the accuracy or completeness of this information and shall not be held liable for any errors, omissions, or outcomes resulting from its use. Investing in digital assets involves risk; users should independently evaluate their financial situation and the risks involved. For further details, please consult our Terms of Service and Risk Disclosure.

Sign up and trade to earn over 15,000 USDT
Sign up