- Security researchers uncovered a flaw in Tangem cold wallet cards, allowing hackers to brute force PINs by disrupting the card’s power source.
- The attack, revealed by Ledger’s Donjon security team, lowers the time needed to crack a four-digit code from five days to about one hour.
- This exploit is not patchable for existing Tangem cards, and physical access to the card is needed.
- Tangem dismisses the flaw as unrealistic, insisting their cards support stronger, alphanumeric access codes.
- The Donjon team argues the vulnerability is significant for cards with weak passwords, while Tangem maintains the risk is theoretical.
Researchers from Ledger’s Donjon security team disclosed a vulnerability on June 18 involving Tangem cold wallet cards. The flaw allows attackers to brute force the card’s PIN by repeatedly cutting off and restoring its power before the card can register failed password attempts.
The Donjon team explained that by interrupting power to a Tangem card during authentication, a hacker can bypass the card’s built-in security limits on password attempts. This lets attackers try unlimited PIN codes without triggering lockouts or other defenses. They enhanced their method by monitoring the electromagnetic signals emitted by the card to identify when the correct password is found, as shown in Donjon’s detailed write-up.
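Why the order of operations matters for a retry limit under power loss, shown as an added example that is not Tangem's firmware or Donjon's code: a generic card model compares a guess and records the failure in two different orders, with a simulated power cut after the comparison. The lockout threshold, the struct layout, the function names and the sample PIN are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_TRIES 3            /* assumed lockout threshold for this model */

struct card {                  /* both fields model non-volatile storage */
    char pin[9];
    int tries_left;
};

enum tear { NO_TEAR, TEAR_AFTER_COMPARE };   /* where power is lost */
typedef bool (*verify_fn)(struct card *, const char *, enum tear);

/* Weak ordering: compare, then persist the failure. A power cut between
   the two steps means the failed attempt is never recorded. */
bool verify_compare_first(struct card *c, const char *guess, enum tear t)
{
    if (c->tries_left <= 0) return false;            /* locked */
    bool ok = strcmp(c->pin, guess) == 0;            /* not constant-time; model only */
    if (t == TEAR_AFTER_COMPARE) return false;       /* counter write never happens */
    c->tries_left = ok ? MAX_TRIES : c->tries_left - 1;
    return ok;
}

/* Hardened ordering: persist the decrement before comparing and restore
   the counter only after a successful match. */
bool verify_decrement_first(struct card *c, const char *guess, enum tear t)
{
    if (c->tries_left <= 0) return false;            /* locked */
    c->tries_left--;                                 /* committed before the compare */
    bool ok = strcmp(c->pin, guess) == 0;
    if (t == TEAR_AFTER_COMPARE) return false;       /* decrement is already stored */
    if (ok) c->tries_left = MAX_TRIES;
    return ok;
}

/* Wrong guesses the card processes before locking when every attempt is torn. */
int torn_guesses_until_lockout(verify_fn verify, int limit)
{
    struct card c = { "4821", MAX_TRIES };           /* constructed sample PIN */
    int n = 0;
    while (n < limit && c.tries_left > 0) { verify(&c, "0000", TEAR_AFTER_COMPARE); n++; }
    return n;
}

int main(void)
{
    printf("compare-first:   %d\n", torn_guesses_until_lockout(verify_compare_first, 1000));
    printf("decrement-first: %d\n", torn_guesses_until_lockout(verify_decrement_first, 1000));
    return 0;
}
```

On real hardware the counter write itself must also be atomic against power loss, which this model takes for granted.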
According to Donjon, this “tearing attack” reduces the time required to crack a four-digit PIN from about five days to roughly one hour. An eight-digit PIN could take around 460 days. The team estimates the total cost to execute this attack at $5,000, but notes that the attacker must have physical access to the target card. Donjon stated, “While the setup cost is relatively low, making it accessible to a wider range of attackers, the need for physical proximity to the target card remains a prerequisite.” They also advised users to create passwords with at least eight characters, mixing letters, numbers, and symbols.
Tangem responded that it does not see the finding as a practical risk. In a statement to Protos, the company emphasized that longer alphanumeric codes, which their cards support, are far more challenging to break. “The research oddly focused on four-digit PINs, while our cards support much stronger alphanumeric access codes with symbols, making the real-world challenge exponentially harder,” noted Tangem. The company added that the attack would destroy the chip before a code could be successfully guessed.
Donjon disagreed with Tangem’s assessment. The security team maintained that their test cards survived the process, and that no data was written to the chip’s flash memory that could cause wear. Donjon also argued the attack speeds up brute force attempts by “100x” on weak passwords, criticizing Tangem’s stance as inaccurate.
This disclosure comes in the context of prior security concerns in the crypto hardware wallet space. In 2023, a supply chain compromise affected Ledger’s Connect Kit, leading to stolen funds when a former employee’s account was breached. In 2020, Ledger also suffered a breach that exposed users’ personal data, which later contributed to phishing attacks.
Donjon said it followed responsible disclosure procedures but did not receive a bounty from Tangem, as the company only rewards what it calls “practical, real-world vulnerabilities.”