A development has reignited security debates in the cryptocurrency hardware wallet market. Ledger researchers have identified a critical vulnerability in Swiss-based Tangem hardware wallet cards that could be exploited through physical intervention. The flaw reportedly allows for the resetting of the device’s password protection using a specialized laser attack.
According to information shared by the researchers, this attack requires physical access to the device. Furthermore, it is stated that this is not the kind of attack that ordinary users can easily perform; it requires approximately $250,000 worth of laboratory equipment and advanced technical expertise. Therefore, the vulnerability is considered more within the scope of sophisticated physical attack scenarios targeting high-profile targets.
According to the details in the news report, the attacker can trigger the password reset process by affecting the Tangem card’s security mechanism with a laser-based intervention. Since the primary purpose of hardware wallets is to store private keys offline and in a secure environment, such a vulnerability that allows password resets is considered a significant risk for the industry. Although the fact that the attack cannot be carried out remotely limits the risk for everyday users, it is noteworthy that the device security could theoretically be compromised if physical access were gained.
One of the most critical points is that the vulnerability cannot be fixed with a software update for Tangem cards currently in circulation. Researchers state that due to the hardware design of existing cards, patching this vulnerability later is not possible. This may require addressing the security issue through new manufacturing processes or hardware revisions.
Experts emphasize that hardware wallet users should accurately assess the scope of the threat in such reports. While attacks requiring physical access, high cost, and a laboratory environment may seem unlikely for everyday use, the incident once again highlighted the critical importance of independent security audits and transparent technical disclosures in the hardware wallet sector.