A laser resets Tangem wallets, and there's no patch
Ledger Donjon's laser fault-injection attack resets a Tangem card's password without the old one. There is no patch — Tangem ships no firmware updates.
Researchers at Ledger’s Donjon security team published a writeup Thursday showing that a Tangem crypto wallet card’s user password can be reset to whatever the attacker chooses — not by knowing the old password, not by stealing a backup, but by aiming a precisely timed laser pulse at the Samsung S3D232A secure element inside the card at the moment it checks the password. The chip is certified to EAL6+, which is meant to be a very high bar for tamper resistance. It is that bar that the attack clears.
The class of attack has a name in the smartcard-security literature — laser fault injection — and the specific move Donjon demonstrates is old in shape. The chip runs the password check, and at the microsecond the comparison executes, a laser pulse briefly disturbs the surrounding circuitry so the comparison misfires. No stored value is rewritten. No cryptographic secret is exfiltrated. The verification code just decides, for one clock cycle, that the wrong answer is the right one, and the card’s recovery mode obligingly accepts a new password from the attacker. From there, the wallet is theirs.
Donjon reported the flaw to Tangem on February 10, 2026 and published five months later, a fairly standard coordinated-disclosure window. Tangem’s public response, quoted by The Hacker News, is that “the practical risk is virtually non-existent” — the attack requires physical possession of the card, a laboratory-grade optical setup, and knowledge of exactly when to fire. That is all true. It is also the response every vendor gives when a fault-injection paper lands on their product, and it has been the response for about thirty years.
The recurring lesson under this
Fault-injection attacks on smartcards go back to Boneh, DeMillo, and Lipton’s 1997 paper demonstrating that a single glitch in the wrong place during RSA-CRT could leak the private key. The intervening decades produced a steady stream of laser, voltage, clock, and electromagnetic-injection results against smartcards, HSMs, secure elements, and, more recently, hardware wallets. Every one of those disclosures was met with some version of “the practical risk is minimal,” and in the narrow sense, every one of them was right. Very few people own the equipment and the operator time to run these attacks against a physical card they’ve lifted from a specific target.
The recurring lesson is not that the vendor responses are dishonest. It is that EAL6+ is a bar, not a shield. The certification means the chip stood up to a defined evaluation battery under a defined threat model. It does not mean the chip is invulnerable to a well-funded lab that has a reason to try a variant nobody thought to include in the evaluation battery. The certification does what it was designed to do; it just gets read, downstream, as if it were doing something else.
The trap in “un-updateable” hardware
The specific detail that separates this disclosure from the last one is that Tangem’s cards do not ship firmware updates. They cannot. Tangem has long positioned this as a security feature — no update channel is no update channel to compromise — and there is a real argument for it. There is also a trap in it, which today is visible.
Every card the company has sold carries this flaw. There is no fleet-wide fix waiting in a queue. Donjon’s response, quoted in the same coverage, points at exactly this: “there’s no patch, but the attack is physical and invasive.” The “invasive” half is the mitigation. The “no patch” half is the design decision, come due.
None of this makes Tangem uniquely bad. It makes the trade-off explicit. Firmware updates are an attack surface and also a way to close a hole after somebody finds one. An architecture that removes the surface also removes the closer. That is a choice a vendor gets to make; it is one that buyers should be told, in as many words, when they buy.
What owners should actually do
The honest answer is: for the median Tangem owner, not much. Keep the card physically secure the same way you would if it were a bearer bond, because in a real sense that is what it is. Do not hand the card to strangers. Do not leave it in a hotel safe on the assumption that a hotel safe is meaningfully a safe. If you are, plausibly, the kind of target somebody would fund a lab-grade attack against — a large treasury, a public wallet, an exchange cold-store — the calculus is different, and you presumably have people whose job is to think about it.
The rest of us can note the pattern, cite it the next time an “unbreakable” hardware pitch shows up, and move on. That is the maintenance work.
Sourcing
- Ledger Donjon: Bypassing Tangem Card Security with a Laser Attack — 2026-07-10
- The Hacker News: Laser Attack Resets Tangem Wallet Passwords on Cards That Can’t Be Patched — 2026-07-10
- Boneh, DeMillo, Lipton: On the Importance of Checking Cryptographic Protocols for Faults — 1997
- Related: Talos on ‘attackers only need to be right once’ — 2026-07-10
Found this useful? Share it.


