{"id":34103,"date":"2026-07-10T14:11:49","date_gmt":"2026-07-10T14:11:49","guid":{"rendered":"https:\/\/bitunikey.com\/news\/can-hackers-drain-tangem-cards-ledger-reveals-laser-attack\/"},"modified":"2026-07-10T14:12:05","modified_gmt":"2026-07-10T14:12:05","slug":"can-hackers-drain-tangem-cards-ledger-reveals-laser-attack","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/can-hackers-drain-tangem-cards-ledger-reveals-laser-attack\/","title":{"rendered":"Can hackers drain Tangem cards? Ledger reveals laser attack"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">Ledger\u2019s Donjon security team has disclosed a hardware attack that can reset the password on a Tangem wallet card.\u00a0<\/p>\n<div id=\"cn-block-summary-block_d8904546f28471025c843f222c89f9ba\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Ledger researchers reset Tangem card passwords using a targeted laser pulse against secure element firmware.<\/li>\n<li>The attack requires physical possession, specialist skills, invasive preparation and laboratory equipment costing around $250,000.<\/li>\n<li>Tangem called everyday risk virtually nonexistent but advised users to keep their wallet cards physically secure.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>The method could allow an attacker to sign transactions and move funds linked to the card.<\/p>\n<p>However, the attack requires physical possession of the wallet, specialist knowledge and laboratory equipment worth about $250,000. Tangem said those conditions make the risk to ordinary users \u201cvirtually non-existent.\u201d<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<h2 class=\"wp-block-heading\"><strong>Laser attack bypasses Tangem password check<\/strong><\/h2>\n<p>According to <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/donjon.ledger.com\/blog\/bypassing-tangem-card-security-with-laser-attack\/\" target=\"_blank\" rel=\"nofollow\">Ledger Donjon\u2019s technical report<\/a>, researchers used a nanosecond laser pulse against a specific area of the card\u2019s secure element. The pulse disrupted a check inside Tangem\u2019s firmware during a password reset command.<\/p>\n<p>Tangem cards normally require the current password before accepting a new one. A recovery process can also reset the password when a user has another backup card linked to the same wallet.<\/p>\n<p>The researchers said their attack bypassed the check that confirms whether the card had entered an approved recovery state. This allowed them to set a new password without knowing the original password or holding a backup card.<\/p>\n<p>Ledger Donjon repeated the process on three cards. After the initial research, each test reportedly took about two hours to prepare and complete. The team disclosed the flaw to Tangem on Feb. 10.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Current Tangem cards cannot receive a patch<\/strong><\/h2>\n<p>Ledger said the issue affects Tangem cards currently in circulation. The cards do not support firmware updates, meaning Tangem cannot distribute a software patch to devices already held by customers.<\/p>\n<p>To perform the attack, researchers cut open the plastic card and removed shielding to expose the chip. They then rewired the device to custom equipment before carrying out power analysis and laser fault injection.<\/p>\n<p>The invasive preparation damages the physical card. Ledger Donjon said an attacker could not secretly perform the procedure and return the card in its original condition.<\/p>\n<p>\u201cWhat this means for users: there\u2019s no patch, but the attack is physical and invasive,\u201d the researchers said. They added that the main risk applies when a card becomes lost or stolen.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Tangem disputes practical risk to users<\/strong><\/h2>\n<p>In its <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/x.com\/Tangem\/status\/2075205173706670277\" target=\"_blank\" rel=\"nofollow\">response on X<\/a>, Tangem did not dispute that the laboratory team completed the attack. However, it questioned whether the findings represent a practical threat to customers.<\/p>\n<p>Tangem said the method needs \u201cphysical possession of the card, expensive laboratory equipment, and highly specialized expertise.\u201d It described the everyday risk as \u201cvirtually non-existent.\u201d<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Our comment on Ledger Donjon\u2019s latest article. It describes a laser fault injection (LFI), a physical, lab-only attack technique that applies to secure elements in general, not something unique to Tangem.<\/p>\n<p>It\u2019s also worth noting that while Ledger Donjon presents itself as an\u2026<\/p>\n<p>\u2014 Tangem (@Tangem) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/Tangem\/status\/2075205173706670277?ref_src=twsrc%5Etfw\">July 9, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>The company also noted that Ledger Donjon operates within Ledger, one of Tangem\u2019s main hardware wallet competitors. Tangem said readers should consider that commercial relationship when assessing the report.<\/p>\n<p>Still, Ledger\u2019s researchers said the issue shows that an EAL6+ certified secure element does not protect against every attack. The certification covers the chip\u2019s resistance to physical threats, but security also depends on the firmware running inside it.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Physical control remains the main safeguard<\/strong><\/h2>\n<p>The disclosed attack does not work remotely. An attacker cannot use it through the Tangem mobile app, an internet connection or an NFC interaction alone.<\/p>\n<p>Tangem users can reduce exposure by keeping every card secure and treating a lost card as a security event. Moving funds to a new wallet would remove the risk linked to a missing device.<\/p>\n<p>The finding follows earlier research into Tangem\u2019s security. Ledger Donjon previously disclosed an Android genuine-check bypass and a separate brute-force method targeting the card\u2019s authentication process.<\/p>\n<p>As reported by crypto.news, Ledger researchers also found a MediaTek chip flaw that could expose passwords and wallet data on some Android devices. Unlike the Tangem card attack, MediaTek later issued a patch for the affected mobile chips.<\/p>\n<p>The latest Tangem finding remains limited by cost, access and technical difficulty. However, users whose cards remain in their possession are not exposed to the physical attack described by Ledger Donjon.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Ledger\u2019s Donjon security team has disclosed a hardware attack that can reset the password on a Tangem wallet card.\u00a0 Summary Ledger researchers reset Tangem card passwords using a targeted laser&hellip;<\/p>\n","protected":false},"author":1,"featured_media":8432,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-34103","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/34103","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=34103"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/34103\/revisions"}],"predecessor-version":[{"id":34104,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/34103\/revisions\/34104"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/8432"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=34103"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=34103"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=34103"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}