Researchers from Ledger’s Donjon security team have demonstrated a method by which a precisely timed laser pulse can reset the password of a Tangem crypto wallet card. This vulnerability allows an attacker to set a new password without needing the old one or a backup card, effectively granting control over the wallet and its contents.
The attack requires physical possession of the card and specialized equipment, estimated to cost around $250,000. Additionally, the process involves cutting open the card, which results in noticeable damage. Importantly, this method cannot be executed remotely, and there are no software updates available to mitigate the flaw, as Tangem cards cannot be patched.
Understanding the Vulnerability
A Tangem wallet resembles a standard bank card and utilizes a Samsung S3D232A chip, designed to resist tampering and certified to EAL6+ standards. The security of the wallet relies on two factors: possession of the card and knowledge of the password. However, the vulnerability lies in the password reset feature, which can be exploited during a specific check that determines if the card is in recovery mode. By firing a laser pulse at the chip during this check, the attacker can bypass the requirement for the old password and set a new one.
Challenges of the Attack
Executing this attack is not straightforward. It demands advanced hardware skills, precise timing, and a significant investment in equipment. The Donjon team reported that once they locked in the attack settings, it was successful on every card tested, taking approximately two hours per card. The flaw was reported to Tangem on February 10, 2026, but the lack of a fix remains a critical concern.
Responses from Tangem
Tangem has responded to the findings, stating that this attack is a lab-only method applicable to secure element chips in general, not just their cards. They emphasized that no one has lost funds due to a laser attack on their hardware wallets and that for most users, the practical risk is minimal. However, they acknowledged that the vulnerability exists in every card sold and cannot be patched.
Recommendations for Users
For most users, the best course of action is to ensure the card remains secure and inaccessible to potential thieves. If a Tangem card is lost or stolen and holds significant value, users are advised to transfer their funds immediately using another card from their set or a recovery seed if available. The attack underscores the importance of physical security in protecting cryptocurrency assets.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








