

Ledger Donjon disclosed a laser fault-injection attack against Tangem hardware wallet cards, saying the method could reset a card password by bypassing a recovery-state check. The Block reported that Tangem disputed the practical significance of the finding, arguing that the attack requires expensive laboratory equipment, physical possession of the card and specialized expertise.
The distinction matters. This is not a remote phishing link or a seed-phrase leak. It is a physical, invasive attack model. Ledger Donjon said the setup is costly and technically demanding, while also noting that affected cards cannot be patched because they do not have a firmware update mechanism.
For most holders, the trading and custody lesson is simpler than the hardware research: do not treat a card wallet as risk-free just because the private key stays inside the device. Physical control, backup-card storage, transaction-screen review and wallet segmentation remain important. A long-term cold wallet should not be carried like a daily payment card, and a lost card should trigger a planned transfer procedure rather than hope.
Traders who frequently move funds between exchanges and self-custody should separate hot operating balances from long-term storage. Use small test transfers, keep exchange withdrawal allowlists current, and verify destination addresses on a trusted screen. If a wallet model has no update path, the holder needs an exit plan for future disclosures, even if the current practical risk is limited.
Sources: The Block on the Tangem disclosure and response; Ledger Donjon technical disclosure.
Risk notice: This article is for custody education only. It is not security, legal or investment advice. Hardware wallets reduce some risks but do not remove loss, theft, physical compromise or user-error risk.
原创文章,作者:financial transaction,如若转载,请注明出处:https://www.fanbi.net/archives/2098