BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Ledger Finds Unpatchable Flaw in Tangem Wallet, Brute Force Possible

Tangem Cold Wallet Flaw Lets Hackers Bypass PIN Limits in Under an Hour, Says Ledger’s Donjon Team

  • Security researchers uncovered a flaw in Tangem cold wallet cards, allowing Hackers to brute force PINs by disrupting the card’s power source.
  • The attack, revealed by Ledger’s Donjon security team, lowers the time needed to crack a four-digit code from five days to about one hour.
  • This exploit is not patchable for existing Tangem cards, and physical access to the card is needed.
  • Tangem dismisses the flaw as unrealistic, insisting their cards support stronger, alphanumeric access codes.
  • The Donjon team argues the vulnerability is significant for cards with weak passwords, while Tangem maintains the risk is theoretical.

Researchers from Ledger’s Donjon security team disclosed a vulnerability on June 18 involving Tangem cold wallet cards. The flaw allows attackers to brute force the card’s PIN by repeatedly cutting off and restoring its power before the card can register failed password attempts.

- Advertisement -

The Donjon team explained that by interrupting power to a Tangem card during authentication, a Hacker can bypass the card’s built-in security limits on password attempts. This lets attackers try unlimited PIN codes without triggering lockouts or other defenses. They enhanced their method by monitoring the electromagnetic signals emitted by the card to identify when the correct password is found, as shown in Donjon’s detailed write-up.

According to Donjon, this “tearing attack” reduces the time required to crack a four-digit PIN from about five days to roughly one hour. An eight-digit PIN could take around 460 days. The team estimates the total cost to execute this attack at $5,000, but notes that the attacker must have physical access to the target card. Donjon stated, “While the setup cost is relatively low, making it accessible to a wider range of attackers, the need for physical proximity to the target card remains a prerequisite.” They also advised users to create passwords with at least eight characters, mixing letters, numbers, and symbols.

Tangem responded that it does not see the finding as a practical risk. In a statement to Protos, the company emphasized that longer alphanumeric codes, which their cards support, are far more challenging to break. “The research oddly focused on four-digit PINs, while our cards support much stronger alphanumeric access codes with symbols, making the real-world challenge exponentially harder,” noted Tangem. The company added that the attack would destroy the chip before a code could be successfully guessed.

Donjon disagreed with Tangem’s assessment. The security team maintained that their test cards survived the process, and that no data was written to the chip’s flash memory that could cause wear. Donjon also argued the attack speeds up brute force attempts by “100x” on weak passwords, criticizing Tangem’s stance as inaccurate.

- Advertisement -

This disclosure comes in the context of prior security concerns in the crypto hardware wallet space. In 2023, a supply chain compromise affected Ledger’s Connect Kit, leading to stolen funds when a former employee’s account was breached. In 2020, Ledger also suffered a breach that exposed users’ personal data, which later contributed to phishing attacks.

Donjon said it followed responsible disclosure procedures but did not receive a bounty from Tangem, as the company only rewards what it calls “practical, real-world vulnerabilities.”

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

AI freelancers could drive $262B in stablecoin payments by 2033

Swyftx projects that $262 billion of the AI-native gig economy's payment volume could be...

LINE NEXT launches global stablecoin platform Unifi

LINE NEXT has launched Unifi, a non-custodial stablecoin platform, now available globally as it...

Saylor’s ‘Orange Dots’ Signal Fails to Clarify Bitcoin Strategy

Strategy founder Michael Saylor posted a cryptic signal on Sunday, prompting analysts to call...

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Must Read

7 Best Crypto To Invest In This Year

Investing in cryptocurrencies has become a popular way for people to diversify their investment portfolio and make potential profits.However, with so many cryptocurrencies available...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading