Our Comment on Ledger Donjon’s Latest Article

LFI requires precise decapping, characterization, and tuning to avoid bricking. It is not scalable.

This article is available in the following languages:

Author logo
Andrey Kurennykh
Post image

Today, Ledger Donjon published an article on our wallet covering laser fault injection (LFI): a physical, laboratory-based attack on the chip. We reviewed it and want to add more context for users trying to understand what it means in practice.

What's being written?

Ledger Donjon’s findings concern how our firmware handles a specific scenario under laser fault injection attacks. To quote Donjon, “this (LFI) is not a trivial attack. It is highly demanding in resources, expense, expertise, and time.” 

They provided a more detailed breakdown regarding the specific requirements for this attack.

Concretely, the attack requires: 

  1. Physical access to one card. It is also invasive and therefore visible on the card.
     
  2. Highly specialized laboratory resources. The attack depends on laser fault-injection equipment, side-channel measurement instrumentation, and a controlled lab environment.
     
  3. Carrying out the attack demands advanced knowledge of both software and hardware security, including sample preparation, side-channel analysis, and laser fault injection against a certified secure element. 
     
  4. An extensive period of time for the initial attack: establishing the attack setup, preparing the sample, and characterizing the chip to find the right spatial location, timing, and other laser parameters.

Independent academic researchers, who have studied LFIs extensively, put it simply: given sufficient time, funding, and access, the firmware running on any secure element can eventually be reverse-engineered and exploited. 

No product on the market can claim absolute resistance to all forms of sophisticated physical attacks; this is an inherent limitation of the underlying technology rather than of any specific product or manufacturer. LFI attacks are not scalable, and for everyday users, the practical risk is virtually non-existent.

Chances of success

By Donjon’s account, a successful extraction requires simultaneously satisfying three independent constraints: 

  1. Spatial precision down to the correct transistors on the die,
     
  2. Temporal precision within a narrow window of a single instruction's execution,
     
  3. Accurate parametric settings for laser power and pulse. 


Each constraint is a probability, and these probabilities multiply. Clearing all three at once in a single demonstration does not establish a reliable process; every attempt risks bricking the card, as acknowledged in the article. 

The honest conclusion is that the card could only be broken by a highly-skilled lab operator willing to destroy an unspecified number of cards to characterize the chip.
 

Risk table

We’ve outlined the chain of events that must occur for a lost Tangem card to result in funds being stolen via LFI. 

 

Event

Risk level

1.

Losing a Tangem card

High

2.

Finding equipment or well-equipped labs

Low

3. 

Finding qualified specialists

Very low

4. 

Finding the right lab and coercing qualified people to break into a lost/stolen card.

Almost impossible. It would be a criminal activity to do so.
 

 

 

Feasibility of the attack

LFI already requires physical possession of the card, a fully equipped lab, weeks of skilled work, and an acceptance that the card may be destroyed in the attempt. 

Stack on top of that the fact that Tangem cards carry no identifying information linking them to an owner or a wallet balance. There is no way to know whether the card holds $50 or $50 million.

This kills the expected-value calculation. The equipment cost alone is fixed and high ($250,000 according to Donjon). The return side is unknown and could be zero. No rational attacker runs that equation on a random card.

 

What security actually means in self-custody.

In self-custody, there are two ways to lose your funds: someone takes them, or you lose access to them. Both are security failures, and any good model has to account for both. Tangem wallets offer users a choice between a seedless and a seed-based setup. Most of our users choose seedless, and for good reason.
 

This design also shapes how our firmware handles fault injection alerts. A seed-based wallet can afford to destroy keys at the first sign of a hardware attack, since the user still has their recovery phrase. In a seedless architecture, that same response risks locking the user out of their own funds in case of rare false-positive sensor alerts.

 

Our firmware is designed to protect against the threats that have demonstrably caused real-world losses. Seed phrase exposure has cost users billions. According to River Financial’s 2025 study, more than 1.6M BTC ($129.6 billion) has been lost specifically due to self-custody mismanagement, and that’s just Bitcoin. Meanwhile, there have been no known real-world losses from laser fault-injection attacks on any hardware wallet to date.
 

The threats that matter most.

We're focused on attack vectors that genuinely endanger people's assets every day.

  • Obscure UI that leads to misclicks. 
  • Malicious dApps. 
  • Scam smart contracts disguised as their legitimate versions. 

These are the threats that actually drain wallets, not laboratory attacks that require physical possession and specialized equipment.
 

In 2010, researcher Christopher Tarnovsky cracked the Infineon SLE 66 CL PE, an EAL4+ certified chip deployed across hundreds of millions of banking cards, identity documents, and SIM cards worldwide. The attack was published, widely covered, and remains a landmark in hardware security research. No user lost funds, and no real-world incidents such as stolen identity followed. The gap between a successful laboratory attack and actual harm to users is an abyss.
 

Where Tangem stands.

Our product is fully safe against real-world attack scenarios, and this article doesn’t change that. 

We remain focused on protecting our users against the threats that actually put their assets at risk, and that work continues every day.

We also maintain a bug bounty program, open to anyone, affiliated with Ledger or not. If you find something, we want to hear about it.

Author logo
AuthorAndrey Kurennykh

Co-founder at Tangem.

Author logo
Reviewed byTangem team

We are a team of Tangem Wallet users dedicated to simplifying self-custody for everyone.