Ledger’s security research arm, Donjon, just published findings showing that a precisely aimed laser pulse can bypass the password protection on Tangem hardware wallet cards. The attack targets the Samsung S3D232A secure element chip inside the cards, manipulating the firmware’s recovery-state check to reset the access password entirely, no original credentials required.
Here’s the thing that makes this particularly uncomfortable for Tangem users: because Tangem cards lack a firmware update mechanism, the vulnerability is unpatchable. Every single Tangem card currently in circulation is affected, and there’s nothing the company can push out to fix it.
How the attack actually works
The technique is called laser fault injection, or LFI. In English: researchers fire a rapid laser pulse at a specific point on the chip while it’s processing a security check. That pulse causes the chip to momentarily glitch, flipping the logic gate that verifies whether a password is correct.
Instead of asking “is this the right password?” and getting a “no,” the chip effectively gets tricked into thinking it’s in a recovery state where a password reset is allowed. The attacker can then set a new password and unlock the wallet’s contents.
The Samsung chip in question carries an EAL6+ security certification. Before anyone panic-sells their Tangem card on eBay, there are significant caveats. The attack requires physical possession of the card, access to high-end laboratory equipment, and an estimated $250,000 in setup costs. It also demands advanced expertise in hardware security, including the ability to characterize the specific chip and circumvent protections like flash-write fault detection.
Tangem’s response and the competitive backdrop
Ledger Donjon disclosed the vulnerability to Tangem on February 10, 2026, roughly five months before publishing the report on July 9, 2026. That’s a fairly standard responsible disclosure timeline.
Tangem’s public response has been to downplay the risk. The company characterized the attack as specialized, non-scalable, and more akin to theoretical lab testing than a realistic threat vector for everyday users. That framing isn’t entirely wrong, but it also sidesteps the uncomfortable reality that the vulnerability cannot be patched.
This is the second major security report Donjon has published targeting Tangem within roughly a year. The first, released in September 2025, detailed a brute-force attack method against the cards.
Tangem’s architecture does offer some natural defenses that are worth acknowledging. The wallets use a seedless model where private keys live entirely within the chip and never get exported. The cards don’t store any identifying information about the owner or their asset balances. So even if an attacker had the resources to execute this attack, they’d first need to identify which card is worth targeting, a problem that Tangem’s design makes deliberately difficult.
What this means for hardware wallet users
For the average crypto holder storing a few thousand dollars, the $250,000 laser attack is not a realistic concern. The cost of the attack dramatically exceeds what most wallets contain. The economics simply don’t work for an attacker unless they’re targeting a card they know holds significant value.
For high-net-worth holders or institutional users, the calculus changes. An unpatchable vulnerability in a device protecting millions of dollars in crypto assets is a different conversation entirely. The inability to push a firmware fix means this risk doesn’t diminish over time. It’s baked into the hardware permanently.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.

12 hours ago
16









English (US) ·