← All stories
● Covered by 1 source Β· 1 reportHigh impact

Laser Attack Allows Password Reset on Tangem Wallets Without Old Password

Aggregated by BrevFeed security Β· updated 23h ago
πŸ”– Save

Researchers demonstrated that a laser attack can reset Tangem wallet passwords, allowing complete control over the wallet. Since the flaw cannot be fixed through software updates, all existing cards remain vulnerable, posing a significant risk for owners of lost or stolen cards.

Key points

Laser Attack Methodology

Researchers from Ledger's Donjon security team showed that a precisely timed laser pulse aimed at the chip inside a Tangem crypto wallet card can reset the wallet's password to any chosen value.

The attack effectively overrides the card's password protection, permitting an attacker to control the wallet without the previous password or any recovery cards.

Vulnerability Details

The Tangem wallet cards operate through a secure element that is meant to resist tampering. Users are supposed to safeguard their assets by possessing the card and knowing the password.

However, the card's password reset feature has a vulnerability: if a card is held together with another during a reset process, it can lead to a new password being accepted without verification. A laser pulse disrupts the chip's circuitry, tricking it into accepting new credentials.

Physical Access Required

It is crucial to note that this attack requires physical access to the card and advanced technical equipment costing around $250,000. The card also must be cut open, causing visible damage that leaves obvious evidence of tampering.

As a result, while this method poses a significant risk, it is not an immediate threat to all card holders, as the attack cannot be performed remotely.

Implications for Users

The vulnerability indicates that owners of lost or stolen Tangem cards should take immediate action, as those cards become prime targets for this type of attack.

Users of Tangem wallets are urged to take precautionary measures to secure their assets and be aware of the limitations of the product's security features.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

CVE CVE-2026-552008.1 HIGH CVE CVE-2026-468179.8 CRITICAL

Reporting from

Researchers demonstrated that a laser attack can reset Tangem wallet passwords, allowing complete control over the wallet. Since the flaw cannot be fixed through software updates, all existing cards remain vulnerable, posing a significant risk for owners of lost or stolen cards.