
A laser pulse can reset the password on every Tangem wallet card. The flaw is unpatchable. Ledger Donjon published the findings Tuesday. Attack cost: $250,000.
Ledger Donjon, the security research arm of the hardware wallet maker, published findings Tuesday showing a precisely aimed laser pulse can bypass the password protection on every Tangem wallet card sold to date. The attack targets the Samsung S3D232A secure element chip inside the cards. Because Tangem cards lack any firmware update mechanism, the vulnerability is permanent. There is no fix the company can push out.
The technique is called laser fault injection, or LFI. Researchers fire a rapid laser pulse at a specific point on the chip while it processes a security check. The pulse causes the logic gate that verifies the password to glitch. Instead of returning a “no,” the chip enters what it thinks is a recovery state where a password reset is allowed, Donjon said. The attacker can then set a new password and gain full access to the wallet’s contents.
The Samsung chip carries an EAL6+ security certification, a high assurance rating. The attack requires physical possession of the card, access to laboratory equipment, and an estimated $250,000 in setup costs, according to Donjon’s report. It also demands advanced hardware security expertise, including the ability to characterize the specific chip and bypass protections like flash-write fault detection.
Ledger Donjon disclosed the vulnerability to Tangem on February 10, 2026, roughly five months before publishing the report on July 9. That follows a standard responsible disclosure timeline.
Tangem’s public response has been to downplay the risk. The company called the attack specialized, non-scalable, and closer to theoretical lab testing than a realistic threat for everyday users, Donjon said. The framing is not entirely wrong. It also sidesteps an uncomfortable reality: the flaw cannot be patched, and every card in circulation carries it permanently.
This is the second major security report Donjon has published targeting Tangem within roughly a year. The first, released in September 2025, detailed a brute-force attack method against the cards.
Tangem’s architecture does provide natural defenses. The wallets use a seedless model where private keys live entirely within the chip and never get exported. The cards store no identifying information about the owner or their asset balances. An attacker who invested the resources to execute a laser fault injection would first need to figure out which card held enough value to justify the cost. Tangem’s design makes that identification deliberately difficult.
For the average crypto holder storing a few thousand dollars, the $250,000 laser attack is not a realistic concern. The economics do not work. The attacker would spend more on setup than most wallets contain.
For a high-net-worth individual or institutional user protecting millions, the calculus changes. An unpatchable vulnerability in a device that cannot be updated becomes a permanent liability. The inability to push a firmware fix means the risk does not diminish over time. It is baked into the hardware.
The vulnerability is permanent. There is no firmware update, no recall, no workaround for the hardware flaw itself. Tangem cards remain in the market, and every one carries the same glitch.
Prepared with AlphaScala editorial tooling from the source reporting linked above. Indexable analysis may include a cited Alpha Score value. Publishing checks screen each story before release. Educational coverage, not personalized advice.