Ledger Donjon, the Ledger Hardware Wallet Company Security team, claims to have identified vulnerabilities in the Tangm card, allowing brute force attacks through energy disruption technology.
The discovery was reported on September 17, 2025, after a responsible dissemination process that began several months ago.
According to the ledger CTO, this suspicious vulnerability reveals the risk for users with weak TANGM card passwords. The company audited by Don John made sure Brute-force attacks written by the Security Committee are ineffective.
Ledger Donjon evaluated the Tangm cards during security testing, focusing on the implementation of all-out protection mechanisms and secure channels.
What mistakes are suffering from Tangm wallets?
According to the investigation committee, the failure is a failure to authenticate. Reduce energy to the card at the exact moment, and the device updates the error counter. You can try approximately 2.5 passwords per second. To take advantage of this, attackers need physical access to devices and basic equipment.
The Tangem card includes a protection mechanism against brute force. After six password attempts, a 1 second security delay applies before allowing the next attempt. For each incorrect attempt, this delay increases to a maximum of 45 seconds in an additional second. As a result, try all possible combinations of Tangm cards blocked with four digit pins. It will take about 5 days. For six-digit pins, this period is extended to about 520 days, and can reach up to 143 years for eight-digit pins.
ledger Donjon, hardware security group.
With increased speed due to energy disruptions, it is possible to practice up to 2.5 attempts per second (approximately 100 times faster than before a physical attack) to violate four-digit pins.
GuilleMet also guarantees that The risk is notable for users with short or common passwords.
Tangm card has not been updated, so there is a suspected failure It could not be poured into devices already on sale.
Tangm responded to public communications of vulnerabilities and as per the criteria, ensuring that their findings did not represent a true vulnerability.
Donjon did some pretty sophisticated hardware exercises. This requires a lot of time to avoid “child blocks” that only complicates random fortune-telling attempts by fans. At the stage described, disabling incremental delays in password verification does not significantly accelerate any possible brute force attacks.
TANGM devices, cryptocurrency wallets.
Tangm’s team also ensures that the secure element used in wallets cannot withstand ledger-like attacks, as “the anti-scripted chip mechanism of the chip damages integrated flash memory.”
