Crypto Companies News

Tangem Bitcoin Wallet Cards Face Physical Attack Risk, Ledger Says

Denis O.
10 July 2026 2 min read

A Ledger security team says Tangem Bitcoin wallet cards can be broken with a laser attack that lets an attacker drain funds.

A crypto card from Tangem, a wallet maker, can be taken over with a lab-grade laser attack, but only if the attacker physically has the card, according to Ledger Donjon, the security research team at crypto wallet maker Ledger.

In a research report, Ledger Donjon said it found a “critical vulnerability” in Tangem cards that lets bad actors reset the card’s password without knowing the old one.

After that, the attacker can sign transactions and move the funds tied to the wallet.

Read also: Binance Bitcoin Wallets Show 85% Quantum Exposure, Glassnode Says

Contents

Lost Card Is the Real Risk

As Ledger Donjon claims, the issue affects all Tangem cards now in use and cannot be patched because the cards do not have a firmware update system.

“The vulnerability affects all Tangem cards currently in circulation and cannot be patched, as the cards have no firmware update mechanism.”

The good news is that this isn’t a remote hack as the attacker would need physical access to the card, expensive lab equipment and deep hardware-security skills.

Ledger Donjon said its setup cost about $250,000, while the attack also requires opening the card and using a laser pulse on a tiny part of the chip inside.

“Product is Fully Safe”

But Tangem pushed back on the real-world danger, saying in its comment that the attack isn’t scalable and would require a skilled lab operator. The Tangem team said:

“The honest conclusion is that the card could only be broken by a highly-skilled lab operator willing to destroy an unspecified number of cards to characterize the chip.”

Ledger Donjon said it disclosed the issue to Tangem on February 10. Tangem said the report doesn’t change its view that the wallet is “is fully safe against real-world attack scenarios.”

The company said no known real-world losses have come from laser fault-injection attacks on hardware wallets, while users lose money far more often through seed phrase mistakes, malicious apps, scam contracts and bad clicks.

Read more: Irish Police Gain Access to Criminal’s Bitcoin Wallet

Denis O.

Crypto news reporter at Bitcoin Foundation covering topics including crypto markets, DeFi exploits, and regulatory developments. He was previously a reporter at The Defiant, crypto.news, currency.com, iHodl, BeInCrypto, and other…