Researchers from Ledger's Donjon security team have demonstrated a physical attack capable of resetting the password on a Tangem cryptocurrency wallet card. By directing a carefully timed laser pulse at the card's secure element, an attacker can interfere with a critical verification step and make the device accept a new password.
How the Attack Works
Tangem cards store the private keys controlling a user's cryptocurrency inside a hardened chip. Under normal conditions, access requires possession of the card and knowledge of its password. Tangem also provides a recovery process in which another card from the same set can authorize a password reset.
The researchers discovered that laser fault injection could disrupt the chip while it checks whether recovery mode has been authorized. If the check fails in the attacker's favor, the card can behave as though the required recovery conditions were met. The attacker can then assign a new password and gain control over the wallet.
This is not a remote or inexpensive attack. The card must be physically opened to expose the chip, leaving visible damage. Researchers estimated that the laboratory equipment could cost approximately $250,000, while preparing and executing the procedure requires specialist hardware knowledge.
The Security Tradeoff Behind Immutable Firmware
The most concerning aspect is that existing cards cannot be repaired through a software update. Tangem designed the card firmware to be immutable, reducing the risk that remote attackers or malicious updates could change its behavior. That design offers meaningful protection, but it also means a vulnerability embedded in the firmware remains for the lifetime of the product.
In my view, this case illustrates why immutability should not automatically be presented as an absolute security advantage. A device that cannot be modified by an attacker also cannot be corrected by its manufacturer. Hardware wallet vendors need layered controls so the failure of one chip check does not immediately provide access to valuable assets.
What Owners Should Do
- Keep wallet cards in a physically secure location.
- Treat a lost or stolen card as a security incident.
- Move valuable assets promptly if a card cannot be recovered.
- Maintain a secure recovery method that does not depend on one device.
- Avoid publicly linking a specific wallet card to a high-value cryptocurrency address.
The practical risk remains low for ordinary users because the attack is expensive, destructive and highly specialized. However, people or institutions holding substantial cryptocurrency should evaluate physical theft scenarios more seriously. Once an attacker possesses an unpatchable device, time and financial incentives may become more important than the technical difficulty.
