Tangem Hardware Wallets Vulnerable to PIN Brute Force "Tearing Attack" → Security

A sophisticated, silver-grey hardware device with dark trim is presented from an elevated perspective, showcasing its transparent top panel. Within this panel, two prominent, icy blue, crystalline formations are visible, appearing to encase internal components

A sophisticated cryptographic chip is prominently featured, partially encased in a block of translucent blue ice, set against a dark, blurred background of abstract, organic shapes. The chip's metallic components and numerous pins are clearly visible, signifying advanced hardware

Briefing

A critical vulnerability, dubbed the “tearing attack,” has been disclosed by Ledger’s security research team, Donjon, affecting Tangem cold wallet cards. This flaw allows an attacker with physical access to bypass PIN attempt limits and significantly accelerate brute-force attacks by interrupting power and analyzing electromagnetic emissions. The primary consequence is a severe reduction in the time required to compromise user PINs, transforming a multi-year cracking effort into days or even hours for weaker passwords. This unpatchable vulnerability on existing cards represents a direct threat to the integrity of stored digital assets.

A sophisticated, metallic, segmented hardware component features intricate blue glowing circuitry patterns embedded within its sleek structure, set against a soft grey background. The object's design emphasizes modularity and advanced internal processing, with illuminated pathways suggesting active data transmission

Context

Before this disclosure, hardware wallets were largely considered the gold standard for securing digital assets, offering robust protection against remote exploits. The prevailing security posture relied on physical tamper-resistance and cryptographic safeguards, including rate-limiting PIN attempts to deter brute-force attacks. This incident highlights that even seemingly secure physical devices can possess subtle side-channel vulnerabilities, revealing that the attack surface extends beyond purely digital vectors to include the physical interaction with cryptographic hardware.

The image displays a sleek, translucent device with a central brushed metallic button, surrounded by a vibrant blue luminescence. The device's surface exhibits subtle reflections, highlighting its polished, futuristic design, set against a dark background

Analysis

The incident’s technical mechanics revolve around a sophisticated “tearing attack” targeting the Tangem card’s power management and cryptographic processing. By physically cutting the card’s power supply precisely as a PIN attempt is made, the attacker prevents the card from registering a failed attempt, effectively circumventing built-in security protocols. Concurrently, analyzing the card’s electromagnetic emissions during each attempt allows the attacker to identify patterns indicative of a correct PIN, transforming a probabilistic guessing game into a deterministic validation process. This chain of cause and effect drastically reduces the time needed for PIN discovery, making previously impractical brute-force attacks feasible.

The image displays a high-tech modular hardware component, featuring a central translucent blue unit flanked by two silver metallic modules. The blue core exhibits internal structures, suggesting complex data processing, while the silver modules have ribbed designs, possibly for heat dissipation or connectivity

Parameters

Affected Protocol/Device → Tangem cold wallet cards
Vulnerability Type → Physical side-channel “tearing attack”
Exploiting Entity → Ledger’s white hat hacker team, Donjon
Impact on PIN Cracking Time (4-digit) → Reduced from 5 days to ~1 hour
Impact on PIN Cracking Time (8-digit) → Reduced from 148 years to ~460 days
Estimated Attack Cost → ~$5,000
Patch Status → Unpatchable on existing cards

The image showcases a detailed perspective of sophisticated metallic and translucent blue electronic components. Gleaming silver structures, potentially ASIC chips or validator node hardware, are intricately layered over a vibrant blue substrate, hinting at the complex internal workings of a high-performance blockchain infrastructure

Outlook

Users of Tangem cards are immediately advised to strengthen their access codes to eight or more characters, incorporating a mixture of letters, numbers, and symbols, as this significantly increases the attack complexity. This incident underscores the ongoing need for rigorous, multi-faceted security audits that include physical and side-channel analysis for all hardware-based digital asset solutions. It also signals a potential contagion risk, prompting other hardware wallet manufacturers to re-evaluate their physical security countermeasures against similar advanced persistent threats. The digital asset security landscape will likely see an increased emphasis on robust physical security certifications and transparent vulnerability disclosure processes moving forward.

This physical side-channel vulnerability in Tangem hardware wallets decisively demonstrates that even robust cold storage solutions require continuous, multi-dimensional security scrutiny to safeguard digital assets effectively.

Signal Acquired from → Protos