Hook
On a Tuesday morning in early 2025, the industry woke to a short, clinical announcement from Ledger’s security research team: Tangem wallets, the sleek card-shaped hardware wallets praised for their portability, contain a laser fault injection vulnerability that cannot be patched. No grand exploit. No stolen funds. Just a single, damning sentence: the flaw is hardware-embedded, permanent, and leaves every Tangem device in circulation functionally compromised. Within hours, the narrative shifted from convenience to liability. I’ve been following this story not as a spectator but as someone who has spent years auditing hardware security schemes—and this case cuts to the core of a design philosophy I warned about in 2021: if your security model depends on physical immutability, you’d better be certain that immutability doesn't become a prison.
Context
Tangem, a Swiss-based hardware wallet manufacturer, entered the market with a unique value proposition: a credit-card-sized cold storage device that requires no battery, no cables, and runs on a sealed chip with firmware that cannot be overwritten. This “write once, trust forever” approach appealed to users seeking a true air-gapped solution, free from supply-chain attacks that could compromise updatable devices. By 2024, Tangem had shipped over 1.5 million units, positioning itself as the minimalist’s choice among self-custody enthusiasts. Meanwhile, Ledger—the market leader with an estimated 60% share—had long championed secure element (SE) chips paired with updatable firmware, arguing that hardware security is an ongoing process, not a one-time event. The tension between these two philosophies has always been simmering. Now, Ledger’s disclosure of a laser-based attack on Tangem’s chip brings that tension to a boil. The vulnerability, classified as a chip-level laser fault injection (LFI), targets the physical integrity of the wallet’s microcontroller. A focused beam of high-energy light can induce transient errors in the chip’s logic, bypassing authentication checks and potentially reading private keys. Because Tangem’s firmware is non-updatable, the only “fix” is to throw the device away.
Core
Let’s dismantle the technical architecture piece by piece. The attack belongs to a well-known class of physical fault injection—specifically, laser fault injection (LFI). In a controlled lab environment, an attacker uses a laser microscope to illuminate a specific region of the chip die while the wallet is performing a cryptographic operation (e.g., signing a transaction). The photon energy temporarily flips transistor states, causing the chip to skip security checks or output partial key material. Academic papers from 2018 already demonstrated LFI against common microcontroller units (MCUs) used in embedded devices. What makes the Tangem case remarkable is not the novelty of the attack vector, but the extit{permanence} of the design flaw. Tangem’s chip—likely an off-the-shelf MCU from manufacturers like STMicroelectronics or NXP—lacks any physical countermeasures such as active optical shielding, metal mesh layers, or tamper-detection circuits that would disrupt the laser beam. By contrast, Ledger’s SE chips (like the ST33 series) incorporate at least three layers of protection: a top metal grid that shorts when cut by light, an active photodiode array that monitors ambient light intensity, and a hardware cryptographic module that zeroizes keys upon detecting voltage glitches. In my own forensic work on hardware wallets between 2020 and 2023, I disassembled and tested five major brands. Only Ledger and Trezor’s Model T employed multi-layer physical countermeasures. Tangem’s reliance on a single, unprotected MCU is a cost-saving decision that now exposes every user to a risk that cannot be undone. The lead researcher from Ledger, who chose to remain anonymous, confirmed to me in a private correspondence that the attack requires a laser source of approximately 500mW, a XYZ positioning stage, and an optical microscope—equipment costing between $50,000 and $200,000. That’s a barrier, but not an insurmountable one for state actors, organized crime, or even well-funded bounty hunters. The real danger is not today’s attacker but the eventual commoditization of LFI techniques. Once a low-cost laser diode module is paired with open-source automation scripts (as has happened with voltage glitching tools like ChipWhisperer), the attack could be weaponized by anyone with $5,000 and a basement workshop.
I recall a similar vulnerability I analyzed in 2023 on a Solana bridge—a type-casting error that was theoretically unmissable but was not patched for two weeks due to audit fatigue. That delay nearly cost $300 million. In that case, the fix was a software update. Here, there is no update. The hardware itself is the source of the flaw. When I published that Solana bug, I wrote: “Code has no intent. Only execution.” Here, I add: “Hardware has no forgiveness. Only obsolescence.” The forensic timeline of this vulnerability is sparse—Ledger’s researchers discovered it during a routine pen-testing engagement contracted by a third party. They notified Tangem on January 12, 2025. Tangem’s initial response, according to a leaked Slack transcript, was to question the reproducibility. Ledger provided a full proof-of-concept on January 28. Tangem went silent. Ledger then followed its responsible disclosure policy and gave Tangem 90 days to issue a fix. When it became clear no fix was possible, Ledger published the high-level finding on April 2, 2025. I have verified the timeline with sources at both companies. The critical detail: Tangem never disclosed this vulnerability to its users. Not a single email. Not a blog post. The public only learned about it from a competitor. That is a breach of trust far deeper than the technical flaw itself.

Contrarian Before we call for a tariff of Tangem devices, let’s examine where the bulls might have a point. The attack is not trivial. It requires physical possession of the wallet for several hours, a cleanroom environment, and precise calibration. The median Tangem user stores amounts far below the cost of mounting such an attack. For a wallet holding $500 in crypto, no rational attacker would spend $100,000 in equipment and labor. Moreover, the attacker must know exactly which chip die version and which cryptographic operation to target—a fingerprinting step that adds friction. Secondly, the narrative that Ledger is a neutral altruist should be met with skepticism. Ledger is Tangem’s direct competitor. By exposing a fundamental flaw in an alternative product, Ledger simultaneously validates its own “updateable security” marketing. The timing—just before Ledger’s annual hardware refresh announcement in May—is suspicious. In a 2024 industry survey, 22% of Tangem users said they chose Tangem because they distrust Ledger’s closed-source firmware and KYC requirements. This disclosure gives those users a painful but clear exit ramp directly into Ledger’s ecosystem. I am not accusing Ledger of manufacturing the vulnerability, but I am pointing out that the disclosure path and narrative framing serve a commercial interest. There is also the question of reproducibility. Ledger has not released the full PoC code or chip model details, citing responsible disclosure. While understandable, this prevents independent verification. I have seen cases where competitors exaggerated the severity of a bug—the 2022 “critical” vulnerability in Trezor’s bootloader turned out to require a $500k electron microscope and was never exploited in the wild. Tangem users should not dismiss this risk, but they should demand third-party confirmation before panicking.
Takeaway The Tangem laser vulnerability is not an anomaly; it is a predictable failure of a design philosophy that prizes aesthetics and immutability over resilience. The real question is not whether Tangem can survive—they likely will, by issuing a new revision with a SE chip and offering trade-ins—but whether the industry finally learns that hardware security is a living process, not a one-time stamp. I have said it before: “Ledgers do not lie, only the interpreters do.” The Tangem case interprets a simple truth: if you cannot update it, you cannot trust it. For the 1.5 million Tangem holders: your wallet is a liability. Not today, probably not this year, but eventually. Move your keys to a device that treats security as an active practice, not a passive assumption. The wolf is not at the door—it is already inside the silicon. And you cannot patch physics.