Laser Attack Breaks Tangem Wallet Passwords on Unpatchable Cards

ยท
Listen to this article~4 min
Laser Attack Breaks Tangem Wallet Passwords on Unpatchable Cards

Ledger's Donjon team reveals a laser pulse can reset Tangem wallet passwords on unpatchable cards. Physical access required, but vulnerability is permanent. Learn how to protect your crypto.

Security researchers from Ledger's Donjon team recently demonstrated a chilling vulnerability: a precisely timed laser pulse aimed at the chip inside a Tangem crypto wallet card can reset the card's password to whatever the attacker chooses. No old password needed. No backup card required. Once the attack succeeds, the attacker gains full control of the wallet and can move every coin out. Before you panic, let me be clear: this isn't an emergency for most owners. The attack requires physical access to the card and specialized equipment. But it does raise serious questions about the security of hardware wallets that can't be patched. ### How the Attack Works The researchers used a focused laser to disrupt the chip's internal operations at exactly the right moment. This fault injection technique essentially tricks the chip into bypassing its password verification. The result? The attacker can set a new password of their own choosing, locking out the legitimate owner. Think of it like a lock that can be picked with a tiny, precise hammer blowโ€”except the lock is a computer chip, and the hammer is a laser. Once the chip resets, the wallet's security is gone. ### Why Tangem Cards Can't Be Patched Tangem wallets are designed as non-updatable cards. Unlike some hardware wallets that allow firmware updates, these cards are sealed and immutable. That means once a vulnerability like this is discovered, there's no way to fix it. The card's chip is essentially frozen in time, vulnerable forever. This is a double-edged sword. On one hand, it means no one can sneak in a malicious update. On the other, it means any flaw is permanent. For crypto users who rely on these cards for long-term storage, this is a serious concern. ### What This Means for Crypto Owners Here's the bottom line: - **Physical security matters more than ever.** If someone gets their hands on your card, they could potentially drain it using this method. - **This is not a remote attack.** The attacker needs direct access to the card and laboratory-grade equipment. It's not something a thief can do on the street. - **Consider using a wallet that supports firmware updates.** Devices like Ledger or Trezor can patch vulnerabilities after they're discovered. - **Don't store life-changing amounts on any single device.** Diversify your storage across multiple wallets and cold storage solutions. > "This attack is a reminder that no hardware wallet is bulletproof. Physical access is the ultimate vulnerability." โ€” Security researcher, paraphrased from the Donjon report. ### Practical Steps to Protect Yourself If you own a Tangem wallet, don't panic. Here's what you can do right now: - Keep your card in a safe or lockbox. Treat it like cash. - Never lend your card to anyone, even temporarily. - Consider moving large balances to a wallet that can be updated. - Use a passphrase or multi-signature setup for extra layers of security. This vulnerability is a wake-up call for the crypto community. Hardware wallets are powerful tools, but they're not magic. Understanding their limitations helps you make smarter decisions about where to store your digital assets. The good news? Most users won't ever face this kind of attack. But knowing about it gives you the chance to take simple precautions before a problem arises. Stay informed, stay safe, and never underestimate the value of physical security.