Loading prices…
STKR NewsSTKR News0 of 3 free this month
Markets

Ledger researchers disclose Tangem card flaw; Tangem says risk to everyday users is ‘virtually non-existent’

A hardware vulnerability in Tangem cards highlights the ongoing cat-and-mouse game between crypto security researchers and the promise of simple, card-based cold storage for the masses.

Originally on The Block
AB

Adrian Boysel

Contributor

Jul 10, 2026

5 min read

Photo illustration / STKR News

Hardware security is an arms race where the goalposts aren't just moving—they're being vaporized by lasers. The recent back-and-forth between Ledger Donjon, the research arm of the industry giant Ledger, and the card-based wallet maker Tangem is a perfect example of why the phrase 'unhackable' should be banned from our vocabulary. It also highlights a fundamental tension for builders: the trade-off between user friction and physical security.

The Laser in the Room

Ledger’s researchers recently detailed a vulnerability involving a targeted laser attack on Tangem’s hardware. By stripping the outer casing of a Tangem card and hitting specific portions of the chip with a laser, researchers were able to induce a fault that bypassed the card's recovery-state check. In plain English, they tricked the card into thinking it was in a setup mode, allowing them to reset the password without wiping the private keys. To an attacker with physical possession of your card, this is the holy grail: access to your funds without the PIN you spent five minutes agonizing over.

Tangem’s response was swift and, from a PR perspective, predictable. They argued that the risk to the average user is essentially zero. To pull this off, you need a specialized laboratory, high-end optical equipment, and the physical card itself. Your local pickpocket isn’t carrying a pulse-laser setup in their back pocket. However, as builders, we have to look past the 'unlikely' tag and look at the architectural choices that made this possible.

The Conflict of Philosophy

This isn't just a technical bug; it's a clash of philosophies. Ledger builds devices that look like calculators or USB sticks, filled with screens and buttons to provide air-gapped verification. They lean into complexity because they believe complexity is a byproduct of high-security verification. Tangem, on the other hand, wants crypto to feel like a credit card. No screens, no batteries, just tap-and-go. Most users love this because it feels familiar. But that convenience comes at a cost: you are wholly dependent on the integrity of the chip's firmware and the physical resistance of the casing.

When you remove the screen from the equation, you lose the 'What You See Is What You Sign' (WYSIWYS) guarantee. You are trusting the card and the phone app to tell you the truth. If a sophisticated actor can bypass the firmware checks using hardware fault injection, the user loses their only line of defense. For most people, this is a fair trade. For people holding life-changing amounts of capital, it's a dealbreaker.

What This Means for Founders and Builders

If you’re building in the hardware or infrastructure space, there are three hard truths to pull from this disclosure. First, physical security is never absolute. If an attacker has physical access and enough time, they will eventually find a way in. Your goal shouldn't be to build an unbreakable box, but to build a box that is so expensive and time-consuming to break that the effort outweighs the potential loot.

Second, we need better transparency about recovery states. The core of this flaw wasn't the laser itself; it was a logic error in how the firmware handled a interrupted state. When building state machines for wallets, 'fail-closed' must be the default. If the hardware detects any anomaly in its boot sequence or power delivery, it should brick itself before it reveals a single bit of a private key. Tangem argues their design prioritizes preventing 'accidental' bricking, but in crypto, we usually prefer a dead card to a drained wallet.

Third, we have to be honest about the threat model. Tangem is right that this isn't a 'remote' hack. Your funds aren't going to vanish because you clicked a bad link. But as the value of crypto assets grows, the incentive for sophisticated physical attacks grows with it. We are moving toward a world where 'evil maid' attacks—where a card is stolen, manipulated in a lab, and returned before you notice—are a real consideration for high-net-worth individuals.

The Complexity vs. Security Paradox

There is a recurring theme in the history of cybersecurity: the more we simplify the user interface, the more we abstract away the security risks. Tangem’s brilliance is its simplicity. It makes onboarding non-technical people possible. But that simplicity hides the fact that the entire security model rests on a tiny piece of silicon that can be manipulated by light. Ledger, conversely, is the school of 'trust but verify,' which often leads to a user experience that feels like using a 1990s pager.

As builders, we often feel pressured to choose one side. We want the mass adoption that comes with a tap-to-pay interface, but we don't want the liability of a physical exploit. The middle ground is likely multi-signature or social recovery. If a single Tangem card can be cracked in a lab, the solution isn't necessarily to make the card 'laser-proof' (an expensive and likely futile task), but to ensure that one card is never the single point of failure. If you need two cards or a card and a biometrically locked mobile app to move funds, the laser attack becomes a lot less scary.

The Bottom Line

Don’t throw your Tangem card in the trash. It remains one of the more robust ways for a retail user to get their coins off an exchange. However, if you are building the next generation of hardware, take this as a reminder: the device is only as strong as its weakest logic gate. Fault injection isn't science fiction; it's a standard tool for attackers. If your security model assumes the chip will always behave as programmed under stress, you've already lost. Build for the scenario where the hardware is compromised, and you'll build something that actually lasts.

Takeaway

Physical possession is 9/10ths of the hack. While Tangem’s vulnerability requires a lab, it proves that 'sleek' often masks 'vulnerable.' Builders should focus on multi-factor physical security rather than chasing the myth of an impregnable single chip.


Read the original at The Block →

The Brief

Stay Updated on Cutting-Edge Tech

A six-minute morning dispatch on the markets and the technology shaping them.

Free. No spam. Unsubscribe anytime.

Write for STKR

Become a Contributor

Earn $STKR for published stories on markets, protocols, and culture.

  • Earn $STKR for every published piece
  • Editorial support from the STKR desk
  • Byline visibility across the network
  • First look at the upcoming creator program
Apply to Write

Keep reading

All stories

Comments

24 reader responses