S&P 500 5,278.40 +0.45% NASDAQ 16,755.02 +0.67% DOW JONES 38,886.57 +0.32% RUSSELL 2000 2,084.45 +0.15% VIX 13.42 -1.52% GOLD 2,348.30 +0.21% OIL (WTI) 78.62 +0.18% US 10Y 4.28% -0.04%
All articles Federal Reserve

Ledger Exposes Critical Laser Vulnerability in Tangem Hardware Wallets

Ledger Exposes Critical Laser Vulnerability in Tangem Hardware Wallets

Ledger Donjon, Ledger’s security research team, has uncovered a security vulnerability on Tangem hardware wallets. According to their recently published security disclosure, malicious actors could gain control of users’ cryptocurrencies using laser pulses to bypass password checking on Tangem wallets.

Tangem crypto wallets suffer laser-assisted vulnerability: Ledger 

Here’s the anatomy of the attack: a malicious actor melts away the outer casing of a Tangem card using chemical solvents or high-precision tools to reveal the silicon chip inside. They then use probes to “listen in” on the electromagnetic changes taking place as the card processes a password. This exposes the specific timing of when the card’s firmware is most vulnerable.

At this point, an attacker fires lasers at the card, hence the name “Laser Fault Injection (LFI)” attack. This essentially corrupts the card’s verification process, giving the attacker full access to the wallet.

Anatomy of the security vulnerability on Tangem hardware wallets as revealed by Ledger
Add Coinpedia as a trusted source in Google NewsAdd Coinpedia as a trusted source in Google News

So far, there are no reported cases of this kind of theft. Researchers and the Tangem company also agree that the occurrence is rare since the laser technology used to penetrate the card costs about $250,000. Additionally, the situation demands physical access to the card and cannot be performed remotely.

Possible victims and theft prevention

Companies such as Arculus and Cypherock X1 offer a similar product, but no such vulnerabilities have been reported. However, while they lack Tangem’s specific password-reset bug, all microchip-based cards are inherently vulnerable to LFI. 

That said, the orchestrators of such an attack would likely be state-sponsored actors, law enforcement, or highly funded criminal syndicates. It is also likely that they understand their victims’ finances well enough to carry out the capital-intensive attack.

Those who have lost or misplaced their cards are urged to use their backup cards (Tangem cards come in sets of three) to relocate their crypto assets.

Was this writing helpful?

Story Ends Here

Trust with CoinPedia:

Investment Disclaimer:

All opinions and insights shared represent the author’s own views on current market conditions. Please do your own research before making investment decisions. Neither the writer nor the publication assumes responsibility for your financial choices.

Sponsored and Advertisements:

Sponsored content and affiliate links may appear on our site. Advertisements are marked clearly, and our editorial content remains entirely independent from our ad partners.

Read the Next News

Eagle One Intelligence

The edge serious investors read.

Macro shifts, market structure, and the ideas worth tracking — straight to your inbox.

Note. For informational purposes only. Not financial advice. Past performance does not guarantee future results.