HomeIntelligenceBrief
BREACH BRIEF🟠 High Advisory

Laser Pulse Attack Resets Passwords on Tangem Crypto Wallet Cards, Bypassing User Authentication

Researchers showed a laser pulse can force a Tangem hardware‑wallet card to reset its PIN, giving attackers full control of stored crypto. The incident highlights the need for SOC 2‑aligned physical‑access controls and continuous evidence of hardware‑integrity monitoring.

LiveThreat™ Intelligence · 📅 July 10, 2026· 📰 thehackernews.com
🟠
Severity
High
AD
Type
Advisory
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
3 recommended
📰
Source
thehackernews.com

Laser Pulse Attack Resets Passwords on Tangem Crypto Wallet Cards, Bypassing User Authentication

What Happened — Researchers from Ledger’s Donjon team demonstrated that a precisely timed laser pulse aimed at the secure element of a Tangem hardware‑wallet card can force the chip to reset its PIN to any value chosen by the attacker. Once the PIN is reset, the attacker gains full control of the wallet and can transfer the stored cryptocurrency.

Why It Matters for Compliance & Audit Readiness

  • The scenario illustrates a physical‑layer credential compromise that SOC 2 access‑control criteria (CC6.1, CC6.2) are designed to address through documented control design, monitoring, and evidence of mitigation.
  • Continuous‑compliance programs must capture evidence that hardware‑based authentication mechanisms are protected against tampering, and that incident‑response playbooks cover physical‑attack vectors.
  • Verisq’s SOC2 Access Controls capability provides audit‑ready evidence of password‑reset controls, hardware‑integrity monitoring, and policy enforcement to satisfy the “Logical and Physical Access Controls” trust criteria.

Who Is Affected — Financial‑services firms, crypto‑asset custodians, and any organization that issues or relies on Tangem‑style hardware wallets for secure key storage.

Recommended Actions

  • Map the Tangem hardware‑wallet usage to SOC 2 CC6 controls; verify that physical‑security safeguards (tamper‑evident packaging, secure storage, access logs) are documented and monitored.
  • Update your incident‑response plan to include a “hardware‑tampering” playbook, specifying evidence collection (laser‑damage forensic imaging) and escalation procedures.
  • Collect continuous evidence of hardware‑integrity checks (e.g., periodic visual inspections, tamper‑sensor logs) to demonstrate control effectiveness during audits.

Source: The Hacker News

Technical Notes

  • Attack vector: targeted laser pulse (physical layer) that triggers a fault injection in the secure element, causing a password reset.
  • No CVE assigned; the flaw resides in the chip’s lack of protection against focused optical fault injection.
  • Data at risk: private keys stored on the wallet, enabling full asset exfiltration.

Source: The Hacker News

📰 Original Source
https://thehackernews.com/2026/07/laser-attack-resets-tangem-wallet.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →