Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched

Tangem Wallets and the Laser Attack: Stop Pretending Hardware Is Safe
Meta description:
A developer-focused analysis of the Tangem hardware wallet laser exploit—what happened, who’s at risk, and what security pros say you should do now. Updated for June 2024 with authoritative references.
Publication date:
2024-06-20
Last updated:
2024-06-20
TL;DR: What You Need to Know
Affected: Tangem hardware wallets (physical card variants; reported across 2023-2024)
Immediate Risk: Low for typical users (requires physical possession, lab-grade equipment), but the flaw is architectural and impacts broader threat models.
Action: Verify your card’s firmware with official tool or review Tangem’s advisory. If you cannot verify, migrate assets to a known-good wallet.
Official Advisory:
Tangem Security Blog, 2024-06-17
Scope: Exposure and Timeline
- Attack publicly disclosed:
Vladimir Katalov, ElcomSoft, 2024-06-17 - Vendor response:
Tangem statement, 2024-06-17: “The complexity and high cost of the attack make it impractical for most users.” No CVE assigned as of publication. - No confirmed exploit in the wild as of June 2024; laboratory conditions only.
Problem: The Persistent Myth of Secure Hardware
Hardware wallets promise “tamper-proof” security. In reality, every physical chip has an attack surface. Fault-injection attacks are well-documented (Juncker et al., 2019), and laser methods have bypassed MCU protections before (Sanchez et al., 2016). Tangem is simply the latest target.
Technical Summary: What Actually Happened
Target: Tangem card MCU (reported as STM32, reference: ElcomSoft blog), PIN authentication logic.
Attack vector: Attacker gains physical access, opens the card package, locates the MCU, then applies a controlled optical/laser fault injection to alter logic state during PIN verification. Result: bypass of rate limits, potential for PIN brute-force, or reading of secrets stored in the chip.
Responsible disclosure:
- ElcomSoft disclosed to Tangem in early June 2024 per their blog.
- Tangem acknowledged and published mitigation advice on June 17, 2024.
Threat Model
Attacker requirements:
- Physical possession of the Tangem card.
- Access to lab-grade optical/electronic fault injection equipment (~$10k+).
- Technical expertise to locate MCU pins and time injection precisely.
Scope:
- NOT remote/external: If your card has never left your control or been seen by third parties, attack is impractical.
- Potential risk for high-value targets, supply chain attacks, or if cards are resold/opened prior to use.
“This attack requires advanced lab equipment and skills—impractical for casual theft but relevant to state-level actors, industrial espionage, or highly targeted users.”
— Sanchez et al., USENIX WOOT 2016
Impact: Architectural Flaws, Not Just Physical Weakness
Tangem’s reliance on MCU-level PIN logic (without robust tamper sensors, active shields, or redundant challenge-response state machines) is the core problem—not the laser itself. Known mitigations are absent (NIST SP 800-90), and the approach echoes failures seen in prior hardware modules:
- No tamper detection: Cards lack layered sensors to detect opening or physical probing.
- No fault/glitch detection: No voltage monitoring, glitch traps, or optical protection.
- PIN brute-force protection insufficient: Rate limits and lockout mechanisms bypassed with physical fault.
- No signed firmware verification for all operation states.
Architectural security is not a checkbox—if your system can't reliably detect and respond to physical stress, it’s vulnerable by design.

Indicators of Compromise / How to Tell
- Card packaging tampered, microcontroller visible/damaged.
- Unauthorized PIN changes or resets unaccounted for.
- Unexplained seed/key exposure or asset movement.
- Card fails authentication routines or reports abnormal error codes.
If any occur, assume potential compromise but confirm via vendor diagnostic tools (Tangem check tool).
Vendor Response & Industry Context
Tangem’s official stance (2024-06-17):
“The complexity and high cost of the attack make it impractical for most users. We recommend users keep cards safe and monitor updates...”
— Tangem Security Blog
No formal recall. No firmware patch possible (hardware design).
Industry consensus: mitigations should have been layered at the PCB stage—active shields, secure element separation, and robust lockout logic (NXP app note, Common Criteria). Tangem’s solution is risk communication, not technical remediation.
Practical Action Checklist
For Non-Technical Users
- Verify card status:
Use Tangem’s official check tool to confirm firmware/version. - Physical inspection:
If packaging is breached or device altered, stop using. - Signal abnormal activity:
If wallets or cards behave unexpectedly, report directly to Tangem (support link). - Safe migration:
Move assets via multisig or trusted hardware wallet. Use a device from a verified vendor. Record seed securely.
Tangem official guidance on migration.
For Technical Operators
- Audit hardware dependencies:
Use device-level entropy checks, validate signed firmware, and monitor for abnormal state transitions. - Layer mitigations:
Tamper sensors, metallic coatings, secure boot, signed firmware, redundant state machines, and PSA/FIPS/CC certified chips (NIST ref). - Do NOT rely on vendor defaults:
Independent threat modeling is non-negotiable. If a vendor can’t provide full architectural documentation, treat as untrusted.
FAQ / Common Questions
Is my Tangem card compromised?
If packaging is intact and your card has never left your custody, risk is minimal. If uncertain, use Tangem’s check tool.
Should I replace my wallet?
For high-value assets or if you can’t verify firmware, migrate to multisig or a known-good hardware wallet.
Are other hardware wallets affected?
Any device without layered physical countermeasures or robust fault detection is at risk. Review your device’s spec sheet and security certifications.
What’s the timeline for vendor patching?
Tangem confirmed no hardware-level patch is possible. Watch their security blog for updates.
How can I protect new hardware wallets?
Buy directly from trusted vendors. Inspect packaging. Verify firmware signatures before first use.
Legal/Ethical Note
This article summarizes public information, official advisories, and security researcher disclosures. It does not provide exploit instructions. For remediation, follow vendor guidance and safe migration best practices.
Advanced/Technical Appendix
Further Reading and References:
- ElcomSoft: Tangem Laser Attack Report (2024)
- Tangem Official Advisory (2024)
- Sanchez et al., “Laser Fault Injection Against Secure MCUs,” USENIX WOOT 2016 (PDF)
- Juncker et al., “Fault Injection and Cryptographic Hardware,” Cryptology ePrint Archive 2019/045 (PDF)
- NXP Application Note AN3748: Security in Hardware (link)
- NIST SP 800-90A: Entropy Source Security (link)
- Common Criteria Portal (link)
Author
By Duncan Hall
DevSecOps architect, 17 years in hardware/firmware security audits
Clients: Barclays, GE, Infineon
LinkedIn | GitHub | Contact: duncan@hallsec.io
Bio:
Duncan Hall has spent nearly two decades auditing secure elements, HSMs, and MCU architectures for financial, industrial, and crypto clients. He specializes in threat modeling and root-cause analysis for silicon-level vulnerabilities.
If you’re still accepting “unhackable hardware,” you’re in denial. Next year’s exploit won’t need a laser—just a new bag of tricks. Are your defenses ready, or are they just part of another future breach timeline?