MiCA explainer
Tangem Laser Attack 13.07.2026: What it Means
Monday, 13th July: An in-depth explanation of the laser fault injection attack on Tangem hardware wallet cards, disclosed by Ledger Donjon on 9th-10th July. What happened, how it works, why it can't be fixed, and what it practically means for Baltic and Nordic self-custody users.
Ledger's security team, Donjon, disclosed a laser fault injection attack on Tangem cards on 9th-10th July, allowing password reset without the existing password. The attack affects all cards in circulation and is unfixable as the cards lack a firmware update mechanism. However, it requires physical possession of the card, a lab worth approximately $250,000, and two hours of work. Tangem describes the risk to the everyday user as 'virtually non-existent'. We explain the technical details, compare it to the Trezor Safe 7 finding in June, and outline what it means for users in the region.
Monday, 13th July 2026. This is an in-depth explanatory publication, not a daily news review. The reason is deliberate: over the past 24-48 hours, there haven't been enough new, precisely datable events in our segment - crypto exchanges, hardware wallets, crypto cards, and tax tools for the Baltic and Nordic markets - to compile a comprehensive daily overview. However, the most significant event of the past week in the hardware wallet category - the Ledger Donjon laser attack on Tangem cards, disclosed on 9th-10th July - is important enough to explain in detail and without exaggeration. Previous day's news on exchanges and CASP licenses are not repeated here as fresh.
What Happened: Ledger Donjon Discloses Laser Attack on Tangem Cards
On 9th-10th July 2026, Ledger's security research team, Donjon, published a technical report on a new physical attack method against Tangem hardware wallet cards. The method - known as laser fault injection (LFI) - allows an attacker to reset the card's password and gain access to the private key material stored within, without knowing the existing password and without a backup card. The researchers themselves disclosed the vulnerability to Tangem on 10th February 2026, following responsible disclosure practices, and released the public report five months later.
This event is significant for Baltic and Nordic users because Tangem's seedless NFC cards are a popular and inexpensive self-custody option in the region, often recommended to beginners precisely due to their simplicity. When the vulnerability is reported directly by Ledger - the largest competitor in the hardware wallet market - it is appropriate both to take the warning seriously and to evaluate it with healthy scepticism. In this article, we attempt to separate the technical essence from market rhetoric.
How the Attack Works Technically
The security of Tangem cards is based on the Samsung S3D232A secure element, certified to the high EAL6+ standard. Ledger Donjon researchers discovered that during the execution of the password change (SetPin) instruction in the chip's firmware, there is one critical conditional check that verifies whether the card is in an authorised recovery state. By precisely firing a nanosecond-long infrared laser pulse at a specific location on the chip's crystal exactly at the moment this instruction is executed, the researchers managed to bypass the check, allowing the card to accept a new password without the existing password or a backup card.
In practice, the attack is not trivial. It requires physical possession of the card, invasive preparation of the card (cutting plastic, removing shielding, modifying connections), laboratory equipment worth approximately $250,000, in-depth knowledge of both hardware and software security, and about two hours of work per attempt after parameter determination. The attack is destructive - the card cannot be returned intact - and cannot be performed remotely via an app, the internet, or NFC. Two circumstances, however, make the finding fundamentally serious: firstly, it affects all Tangem cards currently in circulation; secondly, it cannot be fixed with a software update, as Tangem cards do not have a firmware update mechanism. The researchers also note that the attack works even if the user has disabled the password recovery function.
Tangem's Response: Risk 'Practically Non-Existent'
Tangem published an official response on 9th July, which does not dispute the technical aspects of the finding but challenges its practical significance. The company emphasises that successful execution of the attack simultaneously requires physical possession of the card, expensive laboratory equipment, and highly specialised knowledge, thus rendering the risk to the everyday user 'practically non-existent'. Tangem also states that there have been no known real-world losses of funds from laser fault injection attacks on any hardware wallet to date, contrasting this with seed phrase leaks, which have caused tens of billions of dollars in losses worldwide. The company defends its seedless architecture, claiming it protects users from the most common real threats - phishing and malicious applications - and that a traditional seed phrase poses a greater everyday risk than a laboratory scenario.
It is also important to consider the context of interests: Ledger Donjon operates within Ledger, a direct competitor to Tangem in the hardware wallet market. This does not mean that the finding is false - the methodology is technically sound and responsibly disclosed - but it explains why both the tone of the warning and the tone of the response are charged. An objective conclusion lies in the middle: the vulnerability is real and unfixable, but its exploitation requires resources and access that are not relevant to the everyday threat model for most users.
Broader Context: The Wave of Hardware Wallet Physical Security
The Tangem case is not isolated. It fits into a broader series of Ledger Donjon research on the physical security of competitor hardware wallets. For context - on 3rd June 2026, Ledger Donjon disclosed a similar laser fault injection vulnerability in the TROPIC01 secure element used by the Trezor Safe 7 wallet; the attack allowed one of three PIN-protecting secrets to be extracted, reducing protection from three layers to two. Trezor responded at the time that user funds remained safe because private keys are not stored on the affected chip and compromising one chip does not grant PIN access. These two cases together - Trezor Safe 7 in June and Tangem in July - mark a trend where physical, laboratory-level attacks are becoming an increasingly significant topic in hardware wallet security discussions.
The practical value of these events for users in the region is not panic, but a realistic understanding of the threat model: laboratory attacks require physical device theft and significant resources, while phishing, fake support scams, and malicious applications remain a much more frequent cause of real losses.
What This Means for Baltic and Nordic Users
For self-custody users in the region, three practical conclusions arise from this event. Firstly, physical security is important: if a hardware wallet or Tangem card is stolen or lost and holds a significant amount, it is advisable to move funds to a new wallet with new keys as soon as possible, without relying solely on the attack being expensive. Secondly, the unfixable nature of the vulnerability means this is not a problem that the next update will solve - it must be consciously considered when choosing how much value to entrust to a particular model. Thirdly, when choosing a hardware wallet, it is worth paying attention not only to brand marketing but also to whether the device has firmware update capability and how the manufacturer historically responds to security disclosures.
At the same time, it is important to maintain perspective. For most users, the main real risk is not a laser in a laboratory, but social engineering: fake support calls, phishing links, malicious dApp permissions, and entering seed phrases in untrustworthy places. A hardware wallet - including Tangem or Trezor - is still significantly more secure than storing keys on an exchange or in a software wallet, provided the user follows basic hygiene.
Practical Recommendations for Self-Custody
Regardless of the specific brand, these principles are useful for users in the region: store larger amounts on a device physically located in a secure place, and do not disclose how much or where you store; never enter a seed phrase on a computer or web page; verify the address of each transaction directly on the device screen; and divide funds among several wallets if the amount is significant. These habits protect against much more frequent threats than any laboratory attack.
In summary: the Ledger Donjon finding is technically serious and unfixable, but its practical exploitability is limited to expensive, invasive laboratory scenarios. For users in the region, it is a valid reason to review physical security habits, not a reason for panic.
Context: Market Background
In the market background (background information, not the main topic of this publication), Bitcoin traded around the $59,000-$60,000 level in mid-July, slightly lower than at the beginning of July, amidst geopolitical uncertainty and cautious risk appetite. Exact prices fluctuate, and this level is mentioned only as general context.
Sources
- Ledger Donjon - Bypassing Tangem Card Security with a Laser Attack (2026-07-09)
- Tangem Blog - Our Comment on Ledger Donjon's Latest Article (LFI response, 2026-07-09)
- The Block - Ledger researchers disclose Tangem card flaw; Tangem says risk to everyday users is 'virtually non-existent' (2026-07-10)
- crypto.news - Can hackers drain Tangem cards? Ledger reveals laser attack (2026-07-10)
- The Hacker News - Laser Attack Resets Tangem Wallet Passwords on Cards That Can't Be Patched (2026-07)
- Decrypt - Trezor Reveals Hardware Wallet Vulnerability, But Funds 'Safe' (2026-06-03, konteksts)