July 11, 2026 at 13:55
/BY
KORBEN ✨/4 MIN READ/Related categories
You know the concept of a crypto wallet in credit card form?
It’s made up of a chip, a PIN, and your precious crypto private keys tucked inside. Well, it turns out that Baptistin Boilot, a researcher at Ledger Donjon, has just shown that with a laser, a scalpel and a serious amount of patience, you can force a new PIN onto a Tangem card without ever knowing the old one. That’s
the demonstration his lab just published
, and the craziest part is that it works against a Samsung secure element certified EAL6+ – in other words, the very top of the range when it comes to security chips.
One tiny one-nanosecond laser pulse fired at exactly the right spot, and the success rate for resetting the card’s PIN jumps to 100%!!
Sure, Ledger Donjon is Ledger’s security lab – a direct competitor of Tangem – and Tangem wasted no time pointing that out. Except the vulnerability was disclosed to the brand back in February 2026, well before publication, so everything was done by the book. And Ledger isn’t exactly in a position to lecture anyone about screw-ups (remember
their customer database leak[FR]
), so let’s judge the technical work rather than the commercial rivalry.
Their target is the SetPin instruction – the one that manages the PIN protecting your funds. Somewhere in there, the chip asks itself a very simple question, something like “is this card in recovery mode?“. The laser shot corrupts that check at the exact moment it runs. It doesn’t fry anything – it just skews the result for a split second, which causes the chip to accept a new PIN without ever verifying yours.
That said, the barrier to entry is pretty steep. To get there, the researchers opened the card with a scalpel, removed the metal shielding, desoldered the chip, rewired everything onto a custom board, and replaced the NFC antenna with a wired power supply to control every signal. Real craftsman’s work! Add around $250,000 worth of equipment – laser, oscilloscope, electromagnetic probe – plus a whole lot of time: 1 hour of laser scanning for the first success, then 2 hours per card after that, not to mention all the R&D upfront.
The chip fights back, too. It keeps a fault counter in flash memory and locks itself permanently after a few hundred failed attempts. Except the researchers found the workaround: cut the power at the precise moment the chip is about to log the incident. The counter barely increments at all, and a card that should have locked up very quickly ended up taking more than a full day of laser shots!
So, the question you’re definitely asking yourself is: is your Tangem still reliable? For everyday use, yes – because it requires physical access to the card. Plus the operation leaves perfectly visible damage (a card carved up with a scalpel is pretty hard to miss), and I doubt anyone is going to set up a quarter-million-dollar lab to drain your wallet.
Now, it’s true that this flaw will never be fixed, because Tangem cards have no firmware update mechanism whatsoever. That might sound absurd, but it’s actually not that dumb – no updates means no tainted updates. Heh heh.
But now that the hole exists, and no patch is possible, it means every card in circulation – including maybe yours – stays vulnerable forever. And the one you’d buy today? Same story, just as vulnerable, for as long as Tangem doesn’t redesign its hardware.
So yes, the attacker doesn’t read your secrets – they just take control of the wallet by forcing their own PIN onto it, a bit like
a secure smart card[FR]
being forcibly unlocked without reading its contents. That’s why Tangem considers the risk virtually non-existent, pointing out in passing that any secure element will eventually crack if you throw enough time and money at it.
Bottom line: if you’ve got a Tangem sitting in a drawer somewhere, don’t panic – just keep it close, because as far as fixes go, you’ll be waiting a long time. There won’t be any.
This article was originally written in French and automatically translated. Read the original.
This article may contain AI-generated images. I take great care with every article, but if you spot a slip-up, let me know!
Did you like this article?
Then join my community on Patreon for exclusive articles, advanced tutorials and lots of other surprises I keep for my supporters. It’s thanks to you that I can keep sharing my passion after 20 years!

