Researchers at Ledger's Donjon security team disclosed a critical vulnerability in Tangem crypto wallet cards. A precisely timed laser pulse directed at the card's embedded chip can reset the device's password without requiring the original credential.

The attack gives an attacker complete control over the wallet. Once the password resets, the attacker can move cryptocurrency funds freely. The method requires no backup card or knowledge of the existing password.

Tangem cards store private keys on a secure chip and require a PIN to authorize transactions. The laser attack exploits the chip's physical properties, forcing a reset state that bypasses authentication checks. Donjon researchers demonstrated the technique works consistently with proper timing and positioning.

The vulnerability affects all Tangem card hardware. Tangem cannot patch this flaw through firmware updates because the vulnerability exists at the silicon level. The weakness stems from how the chip handles electrical signals during specific operational states.

However, practical risk remains limited. The attack requires specialized equipment, physical access to the card, and technical precision. An attacker needs a laser capable of microsecond-level timing control, knowledge of the exact chip architecture, and the ability to position the laser accurately. Most users store Tangem cards safely in wallets or secure locations, making casual theft unlikely.

Tangem has not issued a public statement on the vulnerability. The company could mitigate exposure by recommending users store significant cryptocurrency holdings on cards kept in physically secure locations, such as safes. Users should also avoid leaving Tangem cards unattended in locations where attackers might gain temporary access.

The disclosure highlights a broader challenge in hardware security. Silicon-level vulnerabilities cannot be fixed through software patches. Manufacturers must address such flaws in next-generation hardware revisions. For users holding substantial crypto assets, the attack method represents a real but manageable threat that depends entirely on an attacker's ability to obtain physical possession