Select a theme from the list.
Insights

From our experts

Latest
Microsoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe GoalGlobal CMS Exploitation Wave Plants Webshells on Business WebsitesExposed Attack Server Unmasks Three Microsoft 365 Phishing OperationsMicrosoft Prepares Windows Customers for a Faster Era of AI-Driven PatchingLaser Attack Exposes an Unpatchable Weakness in Tangem Crypto Wallet CardsGlobal CMS Exploitation Wave Puts Business Websites at Immediate RiskMacOS Malware 'Poseidon Stealer' Rebranded as 'Odyssey Stealer'CISA Warns of Critical Vulnerabilities in Mitsubishi Electric ICS HardwareAhold Delhaize Data Breach Exposes 2.2 Million Customers' InformationSwitzerland Mandates 24-Hour Cyberattack Reporting for Critical SectorsFTC to Distribute $25.5 Million to Victims of Tech Support ScamsMicrosoft to Deprecate Publisher by October 2026Microsoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe GoalGlobal CMS Exploitation Wave Plants Webshells on Business WebsitesExposed Attack Server Unmasks Three Microsoft 365 Phishing OperationsMicrosoft Prepares Windows Customers for a Faster Era of AI-Driven PatchingLaser Attack Exposes an Unpatchable Weakness in Tangem Crypto Wallet CardsGlobal CMS Exploitation Wave Puts Business Websites at Immediate RiskMacOS Malware 'Poseidon Stealer' Rebranded as 'Odyssey Stealer'CISA Warns of Critical Vulnerabilities in Mitsubishi Electric ICS HardwareAhold Delhaize Data Breach Exposes 2.2 Million Customers' InformationSwitzerland Mandates 24-Hour Cyberattack Reporting for Critical SectorsFTC to Distribute $25.5 Million to Victims of Tech Support ScamsMicrosoft to Deprecate Publisher by October 2026
Security Insight

Laser Attack Exposes an Unpatchable Weakness in Tangem Crypto Wallet Cards

Laser Attack Exposes an Unpatchable Weakness in Tangem Crypto Wallet Cards
Photo by khezez | خزاز on Pexels

Security researchers demonstrated that a precisely timed laser pulse can manipulate the secure chip inside a Tangem wallet card and reset its password. The attack requires physical possession, expensive laboratory equipment and invasive modification, but affected cards cannot receive a firmware fix.

Researchers from Ledger's Donjon security team have demonstrated a physical attack capable of resetting the password on a Tangem cryptocurrency wallet card. By directing a carefully timed laser pulse at the card's secure element, an attacker can interfere with a critical verification step and make the device accept a new password.

How the Attack Works

Tangem cards store the private keys controlling a user's cryptocurrency inside a hardened chip. Under normal conditions, access requires possession of the card and knowledge of its password. Tangem also provides a recovery process in which another card from the same set can authorize a password reset.

The researchers discovered that laser fault injection could disrupt the chip while it checks whether recovery mode has been authorized. If the check fails in the attacker's favor, the card can behave as though the required recovery conditions were met. The attacker can then assign a new password and gain control over the wallet.

This is not a remote or inexpensive attack. The card must be physically opened to expose the chip, leaving visible damage. Researchers estimated that the laboratory equipment could cost approximately $250,000, while preparing and executing the procedure requires specialist hardware knowledge.

The Security Tradeoff Behind Immutable Firmware

The most concerning aspect is that existing cards cannot be repaired through a software update. Tangem designed the card firmware to be immutable, reducing the risk that remote attackers or malicious updates could change its behavior. That design offers meaningful protection, but it also means a vulnerability embedded in the firmware remains for the lifetime of the product.

In my view, this case illustrates why immutability should not automatically be presented as an absolute security advantage. A device that cannot be modified by an attacker also cannot be corrected by its manufacturer. Hardware wallet vendors need layered controls so the failure of one chip check does not immediately provide access to valuable assets.

What Owners Should Do

  • Keep wallet cards in a physically secure location.
  • Treat a lost or stolen card as a security incident.
  • Move valuable assets promptly if a card cannot be recovered.
  • Maintain a secure recovery method that does not depend on one device.
  • Avoid publicly linking a specific wallet card to a high-value cryptocurrency address.

The practical risk remains low for ordinary users because the attack is expensive, destructive and highly specialized. However, people or institutions holding substantial cryptocurrency should evaluate physical theft scenarios more seriously. Once an attacker possesses an unpatchable device, time and financial incentives may become more important than the technical difficulty.

Talk to our team →

Latest

Microsoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe GoalJul 13, 2026Global CMS Exploitation Wave Plants Webshells on Business WebsitesJul 13, 2026Exposed Attack Server Unmasks Three Microsoft 365 Phishing OperationsJul 13, 2026Microsoft Prepares Windows Customers for a Faster Era of AI-Driven PatchingJul 13, 2026Laser Attack Exposes an Unpatchable Weakness in Tangem Crypto Wallet CardsJul 13, 2026Global CMS Exploitation Wave Puts Business Websites at Immediate RiskJul 13, 2026

Most read

1Microsoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe Goal2Global CMS Exploitation Wave Plants Webshells on Business Websites3Exposed Attack Server Unmasks Three Microsoft 365 Phishing Operations4Scattered Spider's Cyberattack on Marks & Spencer Exposes Retail Vulnerabilities5Microsoft Prepares Windows Customers for a Faster Era of AI-Driven Patching6Laser Attack Exposes an Unpatchable Weakness in Tangem Crypto Wallet Cards