Laser Pulse Cracks Tangem Crypto Card Password in Seconds
Ledger's Donjon team showed a targeted laser can wipe the PIN on a Tangem wallet card, handing full control to whoever holds it.

Key points
- Researchers at Ledger's Donjon security team demonstrated a laser fault-injection attack that resets the password on a Tangem crypto wallet card.
- The attack needs physical possession of the card, lab equipment, and precise timing, so it is not a mass-market threat today.
- Tangem cards use a chip that cannot be updated in the field, meaning already-shipped cards cannot be patched.
- Once the password is reset, the attacker can move any cryptocurrency held by that wallet.
- Owners worried about the risk should treat the card like cash and never let it out of their sight.
A crypto wallet card is supposed to be the boring, safe option. You keep it in your drawer, tap it on your phone when you want to move coins, and trust that the PIN protects everything. Researchers just poked a hole in that story.
Ledger's Donjon security team, the in-house hackers at rival wallet-maker Ledger, aimed a laser at the tiny chip inside a Tangem card at exactly the right moment. The pulse nudged the chip into skipping a check. The card then let them set a brand-new password, without ever knowing the old one.
After that, the wallet is theirs. They can drain the coins.
Should Tangem owners panic?
No, and here is why. This is a lab attack, not something a pickpocket can do on the bus. It needs the physical card in hand, a laser rig aimed at a decapped chip (the plastic shaved off to expose the silicon), and the kind of timing gear you find in hardware security labs. In practice, if a criminal has that much access to your card and that much specialist kit, you already have a bigger problem.
The uncomfortable part is what happens next. Tangem cards are built around a secure element, a locked-down chip that cannot receive firmware updates once it leaves the factory. So there is no patch coming for cards already in wallets and safes. The fix, if there is one, ships in a future hardware revision.
The research was first reported by The Hacker News.
What is fault injection, in plain words?
Modern chips run millions of tiny checks a second. Fault injection means deliberately glitching one of those checks so it gives the wrong answer. Attackers use lasers, voltage spikes, or clock tricks to do it. Aim at the right transistor at the right microsecond and a "is the password correct?" check can flip to "yes" when it should say "no".
Hardware wallet vendors have known about laser fault injection for years. Ledger's own products have been probed the same way, which is why Donjon exists in the first place: it is genuinely useful research, even when it is aimed at a competitor.
What should Tangem owners actually do?
Treat the card like a wad of cash in bearer form. Do not lend it, do not leave it in hotel rooms, do not post pictures of it. If you lose physical control of the card even briefly, move the funds to a fresh wallet.
For anyone holding meaningful amounts of crypto, a second layer helps. Split funds across more than one wallet from different vendors. Keep the bulk in cold storage that requires more than one device to authorise a transfer.
Tangem, for its part, will need to answer whether a new hardware revision is coming and what it plans to do for existing customers. "Physical attack, out of scope" is a defensible line for a threat model. It is a harder line to hold when the physical attack has a working proof of concept and your chip cannot be patched.
The failure mode here is not the laser. It is shipping unpatchable hardware and hoping no one shows up with the right lab gear.
Operational takeaway: if your security model assumes attackers never get their hands on the device, you do not have a security model, you have a hope.



