The recent findings from Ledger’s Donjon security team have raised eyebrows in the cryptocurrency community as they reveal a potential vulnerability in Tangem wallet cards. This attack, which requires sophisticated skills and equipment, has sparked discussions about the security of these wallet cards and their susceptibility to physical exploitation.
According to Ledger's research, the method involves a precise laser pulse aimed at the secure element firmware of Tangem cards. This pulse can effectively reset the password, allowing unauthorized access to the funds linked to the card. However, this exploit demands physical access to the card, advanced laboratory tools, and significant expertise, estimated to need up to $250,000 worth of equipment.
Understanding the Attack
The technique, discussed in a technical report from Ledger, consists of bypassing the firmware's password verification process. Normally, the card verifies the current password before allowing a reset or recovery through a linked backup card. However, the researchers successfully exploited a flaw that permitted them to set a new password without requiring the original password or a backup card.
However, the attack is invasive. The researchers had to disassemble the physical card, exposing the chip after removing protective shielding. Each attempt at the attack took approximately two hours for setup and execution, but notably, the invasive nature of the approach means that an attacker cannot discreetly carry out the procedure and then return the card to its unaltered state.
Risks Evaluated by Tangem
Despite the successful demonstration of this attack, Tangem is downplaying the practical risks to its users. In a statement shared on social media, the company acknowledged the test results but contended that the actual risk for everyday users remains “virtually non-existent.” They pointed out that the combination of needing to physically possess the card, as well as the complexity of executing the attack, significantly mitigates the likelihood of an average user being affected.
Tangem wallet cards currently being used cannot receive firmware updates, so the devices out there are vulnerable without a potential patch. This lack of update capability means that users need to ensure their wallet cards are kept secure to prevent theft or loss, as those are the primary scenarios where this attack could become a concern.
This incident highlights the ongoing challenges related to security in the cryptocurrency realm. As digital assets garner more attention, the importance of safeguarding hardware wallets like Tangem becomes even more pronounced. It serves as a reminder for users to maintain physical security for their wallets and to remain vigilant in assessing emerging threats in the cryptosphere.
This material is for informational purposes only and should not be considered financial advice.

