Researchers at Ledger’s Donjon security team have shown that a precisely timed laser pulse, aimed at the chip inside a Tangem crypto wallet card, can reset the card’s password to anything the attacker picks.

No old password. No backup card. Once it is reset, whoever did it controls the wallet and can move the coins out.

This is not an emergency for most owners. The attack needs the physical card in hand and a lab that Donjon puts at around $250,000. It also means cutting the card open, which leaves damage no one can miss. It cannot be done over the internet, and there is no fix coming: Tangem cards cannot take software updates, so every card already sold carries the flaw.

The one group that should act now is anyone whose card is lost or stolen and holds serious value.

How the card is meant to protect you

A Tangem wallet looks like a plain bank card. Tap it to your phone, and a companion app talks to a Samsung S3D232A chip inside. That chip is a secure element, built to resist tampering and certified to a high grade called EAL6+.

It holds the secret key that controls your crypto and never lets it out. Two things are meant to stand between a thief and your money: holding the card and knowing the password.

The weak point is the password reset feature. Tangem sells its cards in linked sets, and if you forget your password, you can set a new one by holding two of your cards together. Deep inside that process, the card runs a single check: is this card in recovery mode? If yes, it accepts a new password without asking for the old one.

A laser pulse fired at the chip at the exact moment it runs that check does not quietly rewrite a stored value. It briefly disturbs the chip’s own circuitry, so the check misfires and the card behaves as if it were in recovery mode when it is not.

With the check defeated, the card’s ordinary SetPin command accepts a brand-new password: no old password, no second card, no recovery step. Turning the recovery feature off does not help, because the same check still runs on every card.

Hard to do, and unfixable

None of this is easy. It took a laser rig, sensitive measuring gear, deep hardware skill, and a long stretch of up-front work to map the chip and find the exact spot and timing. The card has to be cut open and its chip exposed, which leaves obvious damage.

There is no doing this quietly and slipping the card back into a pocket. Donjon reports that once the settings were locked in, the attack worked on every card it tried, at about two hours each. The team reported the flaw to Tangem on February 10, 2026.

The bigger problem is permanence. Tangem builds its cards with no way to update the firmware, and presents that as a security feature: nothing can be changed, so nothing can be tampered with from a distance. Here, that same design cuts the other way, leaving a flaw in the code that can never be corrected.

As the researchers put it, “there’s no patch, but the attack is physical and…


Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at [email protected]

 

 

Categorized in:

Blog,

Last Update: July 10, 2026