Ledger Donjon used a single nanosecond laser pulse to fault Tangem’s SetPin recovery check, set an attacker-controlled password, and gain signing control without the old password or a backup card. Donjon says every Tangem card in circulation is exposed, recovery settings do not stop the attack, and the immutable firmware leaves no patch path after its February 10, 2026 disclosure to Tangem. The team reports 100% success in its tests, but each run still needs physical possession, invasive chip access, a roughly $250,000 lab, and about two hours once the fault parameters are known.

TLDR by @Benthic

Explore the topic

More on Ledger

Comments