Ledger Researchers Identify Security Vulnerability in Tangem Wallet Cards
Ledger Donjon, the security research division of hardware wallet maker Ledger, has reported a potential vulnerability in Tangem wallet cards. The flaw, disclosed after a responsible reporting process that began months earlier, could allow brute-force attacks using a targeted power interruption technique.
Flaw Centers on Authentication Counter
According to Ledger Donjon's findings, the vulnerability resides in the mechanism that counts failed authentication attempts on the Tangem cards. By deliberately cutting power at a specific moment, attackers can prevent the device from updating its fail counter. This means the usual escalating time delays, intended to deter brute-force PIN guesses, could be circumvented.
- After six incorrect PIN attempts, Tangem cards add a one-second delay before each subsequent try, with the delay increasing up to 45 seconds per attempt.
- Testing all possible combinations for a 4-digit PIN would normally take about five days, while a 6-digit PIN would require around 520 days, and an 8-digit PIN up to 143 years.
The vulnerability reportedly speeds up brute-force attempts to roughly 2.5 tries per second, nearly 100 times faster than under standard conditions. At that rate, a 4-digit PIN could be brute-forced in about an hour, significantly shortening the attack window. Exploiting the flaw, however, requires physical access to the Tangem card and basic electronic equipment.
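An added illustration, not Tangem's firmware or Ledger Donjon's code: a simplified C model of why the point at which a fail counter is written matters when power can be lost mid-operation. All names, the PIN and the refusal that stands in for the card's delay are constructed for the example; the page does not describe how the card's firmware is structured.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define FREE_TRIES 6 /* the page's threshold; here a refusal stands in for the delay */

typedef struct { int fails; } nvm_t; /* simulated non-volatile counter */

/* power_cut: supply is removed right after the comparison, so the card
 * resets and no later NVM write or response happens. */

/* Weak ordering: compare first, record the failure afterwards. */
static bool verify_weak(nvm_t *nvm, const char *pin, const char *guess, bool power_cut)
{
    if (nvm->fails >= FREE_TRIES) return false;
    bool ok = strcmp(pin, guess) == 0;
    if (power_cut) return false;            /* the increment below is lost */
    nvm->fails = ok ? 0 : nvm->fails + 1;
    return ok;
}

/* Hardened ordering: charge the attempt in NVM first, refund only on success. */
static bool verify_hardened(nvm_t *nvm, const char *pin, const char *guess, bool power_cut)
{
    if (nvm->fails >= FREE_TRIES) return false;
    nvm->fails++;                           /* committed before the comparison */
    bool ok = strcmp(pin, guess) == 0;
    if (power_cut) return false;            /* only the refund is lost */
    if (ok) nvm->fails = 0;
    return ok;
}

/* Counter value after n wrong guesses that each end in a power cut.
 * "4821" and "0000" are constructed sample values. */
int fails_after_interrupted(bool hardened, int n)
{
    nvm_t nvm = {0};
    for (int i = 0; i < n; i++) {
        if (hardened) verify_hardened(&nvm, "4821", "0000", true);
        else          verify_weak(&nvm, "4821", "0000", true);
    }
    return nvm.fails;
}

int main(void)
{
    printf("weak: %d, hardened: %d\n",
           fails_after_interrupted(false, 20), fails_after_interrupted(true, 20));
    return 0;
}
```

With the weak ordering the counter never moves, so the delay never starts; with the hardened ordering an interrupted attempt still costs a try, at the price of charging a legitimate user whose card loses power mid-check.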
Response from Tangem
Tangem, whose cards were the subject of Ledger's review, responded by downplaying the risk. The company acknowledged the technical demonstration but argued that the scenario outlined by Ledger Donjon is highly sophisticated and time-consuming. They also claimed that the chip's tamper-resistant mechanisms would likely damage the device if such an attack were attempted, making it impractical in real-world conditions.
Tangem noted the flaw does not impact cards with strong PIN codes and emphasized that their secure chip is designed to withstand hardware manipulation. Since Tangem cards cannot be updated, any vulnerability would remain present in affected devices.
Ongoing Debate on Hardware Security
The exchange highlights the ongoing debate over hardware wallet security and the challenges of balancing usability with robust protection. Security experts continue to recommend using strong, unique PINs for hardware wallets to mitigate brute-force risks.