← Back to blog

Laser Attack Bypasses Tangem Wallet Security Permanently

A hardware-based laser attack can permanently reset passwords on certain Tangem crypto wallets with no trace. This physical exploit highlights risks in embedded security design.

TL;DR

  • Researchers used precise laser pulses to reset Tangem wallet card passwords without detection.
  • The attack leaves no software logs and works on cards that cannot be patched.
  • Once compromised, attackers gain full control of wallet funds with no recovery option.
  • Physical access and expensive equipment are required, limiting broad exploitation.
  • Organizations using such hardware tokens should evaluate supply chain and tamper risks.

Security researchers from Ledger Donjon have demonstrated a novel physical attack that permanently compromises the security of Tangem cryptocurrency wallet cards. By targeting the chip with precisely timed laser pulses, attackers can reset the card’s password to any value they choose.

Unlike typical software exploits, this method bypasses all digital authentication mechanisms and leaves no traceable evidence. Even more concerning is that affected cards cannot be patched, meaning once exploited, the wallet remains permanently compromised.

Attack Details and Impact

  • The attack uses optical fault injection to manipulate the card's secure element during password verification.
  • It requires physical access to the card and specialized lab-grade equipment, making it difficult to execute at scale.
  • There are no software indicators of compromise, and standard forensic analysis will not detect the intrusion.
  • Funds stored on the wallet can be drained immediately after the password is reset by the attacker.
  • Tangem has acknowledged the issue but confirmed that existing cards cannot receive firmware updates to mitigate the flaw.

Implications for Hardware Security Design

  • This vulnerability underscores the importance of robust physical tamper resistance in cryptographic hardware.
  • Organizations relying on similar smart card or embedded secure element technologies should assess their exposure to side-channel attacks.
  • Supply chain and device provenance become critical factors when hardware cannot be updated post-deployment.
  • Enterprises managing high-value digital assets may need to re-evaluate their use of unpatchable hardware tokens.
  • Defensive measures could include multi-signature schemes, air-gapped backups, and regular rotation of hardware credentials.

Sources

Sources

Security email updates

One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.

Laser Attack Bypasses Tangem Wallet Security Permanently — Agent Breach Blog | Agent Breach