Ledger’s security research arm, Donjon, just published findings showing that a precisely aimed laser pulse can bypass the password protection on Tangem hardware wallet cards. The attack targets the Samsung S3D232A secure element chip inside the cards, manipulating the firmware’s recovery-state check to reset the access password entirely, no original credentials required.

Here’s the thing that makes this particularly uncomfortable for Tangem users: because Tangem cards lack a firmware update mechanism, the vulnerability is unpatchable. Every single Tangem card currently in circulation is affected, and there’s nothing the company can push out to fix it.

How the attack actually works

The technique is called laser fault injection, or LFI. In English: researchers fire a rapid laser pulse at a specific point on the chip while it’s processing a security check. That pulse causes the chip to momentarily glitch, flipping the logic gate that verifies whether a password is correct.

Instead of asking “is this the right password?” and getting a “no,” the chip effectively gets tricked into thinking it’s in a recovery state where a password reset is allowed. The attacker can then set a new password and unlock the wallet’s contents.