A development has reignited debates over security in the cryptocurrency hardware wallet market. Ledger researchers have identified a critical vulnerability in Swiss-based Tangem hardware wallet cards that could be exploited through physical intervention. The flaw would allow the device’s password protection to be reset using a specialized laser attack.
According to the information shared by the researchers, this attack requires physical access to the device. Moreover, this is not the kind of attack that ordinary users can easily carry out. This requires approximately $250,000 worth of laboratory equipment and advanced technical expertise. The vulnerability is therefore considered more in the context of sophisticated physical attack scenarios targeting high-profile targets.
How laser attack works
According to the details of the report, the attacker can trigger the password reset process by affecting the security mechanism of the Tangem card with laser intervention. Since the main purpose of hardware wallets is to store private keys offline and in a secure environment, such vulnerability allowing password resets is considered a significant risk for the industry. The fact that the attack cannot be carried out remotely limits the risk for everyday users. However, it should be noted that device security could theoretically be compromised if physical access was gained.
No software fixes available
One of the most critical points is that the vulnerability cannot be fixed with a software update of the Tangem cards currently in circulation. The researchers say that due to the hardware design of existing cards, it is not possible to patch this vulnerability later. This may require addressing the security issue through new manufacturing processes or hardware revisions. This is a stark reminder that some hardware flaws may remain permanent once devices are shipped.
What this means for users
Experts emphasize that hardware wallet users should accurately assess the scale of the threat in these reports. Attacks requiring physical access, high cost and a laboratory environment seem unlikely for everyday use. But the incident once again highlighted the critical importance of independent security audits and transparent technical disclosures in the hardware wallet industry. Users may want to stay informed, but probably won’t need to panic over this specific vulnerability.
*This does not constitute investment advice.
![]()



