Where is my crypto hold in?
Cryptocurrency is in the blockchain physically. Whereas the Tangem card stores private keys to access addresses on the blockchain.
Security
Where are the keys stored?
When you activate your card, wallet keys are created, which are needed to manage your funds. The keys never leave the chip after the wallet activation and are not transferred anywhere. The primary purpose of the chip is to keep them safe and sound.
How are wallet keys generated?
The key is generated on the card using a hardware random number generator during card activation. The entropy for the random number is taken from the chip’s physical sensors. It means no one can ever know your private key. The hardware random number generator is a component of the Samsung chip. You can read the safety assessment document at this link.
How is the private key cloned on the backup cards?
When a backup is created, a secure communication channel is established between the cards using the Diffie-Hellman key exchange protocol, after which the keys are transferred from one card to the other. This mechanism is fully protected against Man-in-the-Middle attacks since the first step is that the cards authenticate each other with a two-way attestation, and the encryption is done with a 256-bit key. The strength of the encryption is maximum, and the application will not be able to decrypt the keys under any circumstances.
Is there a seed phrase in the wallet?
Tangem does not use BIP39 technology (seed-phrase) cause considers it highly insecure. The presence of a public key is a potential vulnerability. Firstly, hot and "warm" wallets always have access to the key, which can be hacked. Secondly, having the key in an open place at home, work, or elsewhere is always a potential risk of compromise. Instead, Tangem offers a backup on 2 or 3 identical cards. The cards hold the keys and never share them with anyone; they are protected by an access code. Thus you have 2 or 3 duplicate keys for one vault (your wallet). They are equal; you can keep them in different places and use any of them. And the most important thing is that the keys have never been in public view. No bug or vulnerability in the software can expose the key at the moment it is generated. It is as safe and secure as possible.
How to know my private key?
The card is based on a chip that generates a private key during wallet creation using a hardware random number generator. The entropy for the random number is taken from the chip’s physical sensors. The key never leaves the chip in plain sight and after the wallet is activated. The chip's primary purpose is to keep it safe and sound.
Thus, no one can ever find out your private key. The secret is safe, even from you.Where is the guarantee that the manufacturer doesn’t know the key?
The Tangem card doesn't have a private key initially. The key is generated when the wallet is created, and the card is attached to the mobile device. Moreover, public and private keys will be regenerated if you reset the card to factory settings and recreate the wallet. The firmware has been audited by the independent Swiss company Kudelski Security. The firmware audit confirms that the private key is created using a hardware random number generator and that there are no other backdoors or bugs that could result in loss of funds. The results of the Kudelski Security audit are available here.
Why does a wallet need 2 or 3 cards?
Additional cards are needed to create a backup. How many cards you have in your backup (2 or 3) — as many copies of your private key exist worldwide. If one of the cards is lost or stolen, the backup cards will help you restore access to your wallet.
How many cards can be in a backup of one wallet?
The maximum number of cards that can be in a backup is 3.
Is there a difference between "primary" and "backup" cards?
All of the cards from the backup are equal to each other and have access to a single wallet.
Why is it possible to link backup cards only once?
Backup creation and private key cloning are only possible once for security purposes. Thus, you are sure of the number of copies of your private key.
As the cards operate without using the company's servers, the cards know nothing about each other. Only when creating a backup, the private key is copied to the number of cards you choose (2 or 3).
If backup cards could be linked repeatedly, an attacker could make copies of your card without your knowledge.
What happens if I lose my Tangem Note?
Since Tangem Note cards don't have a backup option and can be compared to fiat money, you can manage the cryptocurrency while you own the card. But if the card is lost, it will be impossible to manage the funds.
If Tangem Note is stolen, can a 3rd party gain access to the wallet?
Tangem Note cards have no backup option and access code protection. For this reason, the cards can be compared to traditional banknotes: whoever owns the card can access the wallet. Therefore, like traditional banknotes, cards must be physically secure at all times.
What happens if I lose my Tangem Wallet?
Tangem Wallet includes a set of 2 or 3 cards, so when activating a card, you can back up the key on the other card(s). The backup cards will help you manage your money even if you lose one of the cards.
How to restore access if I lose all my backup cards?
The loss of all cards from the backup leads to losing your funds. Only your cards have access to the wallet. How many cards you have in your backup (2 or 3) is how many copies of your private key exist worldwide. That's why we recommend keeping your cards in different places. If one card is lost/stolen, you can buy a new set of cards and transfer funds to it.
If the Tangem Wallet card is stolen, can a 3rd party gain access to the wallet?
A third party will only be able to access your wallet if your cards are not linked (you have not backed them up). In this case, access code protection is not available: it appears only when you link two or three cards to one wallet.
That's why we recommend that you make backups before funding your wallet. Then your funds will be protected by the access code. Moreover, the card is protected against brute-force attacks. After the sixth incorrect attempt to enter the code, the delay time for the next attempt is increased by 1 second. The maximum delay time is 45 seconds. The delay is only reset after the access code has been successfully entered.If my phone is lost/broken, will I lose access to funds?
In such a case, you don't lose access to your assets. Using your cards, you can access your wallet via any other mobile device. The phone itself doesn't store any assets you are holding; it only acts as a display by visualizing specific data for a particular user via its screen. Storage of private keys and signing your transactions are performed by your card. All you have to do is download the Tangem app on your new phone and scan the card.
If I lose one card from the backup, can I buy another set and link it to my existing wallet?
Since creating a backup and private key cloning is possible only once, you will not be able to link new cards to an existing backup. After purchasing a new set, you should transfer funds to the new wallet.
Is it possible to block a lost card?
There is no such functionality. Once a backup has been created, all cards in the bunch have a single private key and become equivalent, so there is no technical way to identify which card has been lost.
When you activate a card and create a backup, you protect each card with its user password. The card is protected against brute-force attacks. Moreover, after the sixth incorrect attempt to enter the code, the delay time for the next attempt is increased by 1 second. The maximum delay time is 45 seconds. The delay is only reset after the access code has been successfully entered.What personal data does the company collect?
Tangem does not monitor incoming or outgoing transactions. We never gather wallet addresses, personal data of users, or any other kind of information that can identify users or users' phones.
Does the Tangem app store user’s data?
The app does not store the user's personal data or any other information that can identify the user or the user's phone.
How exactly is Tangem Wallet a cold wallet? What is the working principle of the wallet?
A cold wallet is a vault for cryptocurrency that is not connected to the internet. In Tangem cards, the private key is generated when the wallet is created and the card is attached to the device using a hardware random number generator and stored on the card, which is inherently disconnected from the internet. The private key never leaves the card. The primary purpose of the wallet is to store private keys securely. The app is just a user interface for cards communicating directly with the blockchain.
Can Tangem block access to the wallet?
Tangem does not have its own servers that are linked to blockchains. The Tangem app works directly with them. Therefore, we cannot interfere in its work in any way. Tangem's philosophy is to provide users only with a technological solution for working with crypto-assets. The scheme of the wallet looks like this: Card <-> Application <-> Blockchain.
Besides, we don't have registration or verification of users; we don't know their geolocation, citizenship, etc. So we can't identify a particular user to block his access to the wallet (even if it were possible). All we can hypothetically know is your IP address. But the address can be changed with a VPN if necessary.
Plus, our app is open-source which is published on GitHub. With some skills, anyone can study it, make sure it's secure and compile the app.
How reliable and safe is it? What if a Tangem сard stops working?
Tangem Wallet is the safest and most reliable crypto wallet in the world. The chip in your card is a microcomputer that generates the private key that never leaves the card. We have gone the extra mile to prove it externally:
• The highest certification level among direct competitors that ensures no backdoors — EAL6+ by Common Criteria. The same level of chip protection is used in passports.
• The firmware is audited by the world's top laboratory — Kudelski Security.
• The only hardware wallet with the highest possible protection rate against environmental conditions is IP68. It is entirely safe from dust, water, and hacking attempts.
• The card is durable enough to perform from -25℃ (-13℉) to +50℃ (122℉). You can even put it in the snow without repercussions.
• The chip is designed to sign an infinite number of transactions with a life expectancy beyond 25 years.
• The chip is further protected against EMP (electromagnetic pulse), ESD (electrostatic discharge), and X-rays in compliance with ISO 7816-1 standard.
Moreover, we have issued more than 500,000 cards since 2017. There are no defects, and all the cards are still functioning.What is the lifespan of the card?
The cards have a minimum lifespan of 25 years, which Samsung, the chip manufacturer, guarantees. Technical information about the chip is available on the Samsung website at the link.
What will happen to the card when it is exposed to a powerful magnetic field, for example, in an MRI machine? What is the probability that the wallet will demagnetize and stop working?
The chip doesn't contain any magnetic elements that can demagnetize. Moreover, the Tangem card chip is protected against EMP (electromagnetic pulse), ESD (electrostatic discharge), and X-rays in compliance with ISO 7816-1 standard.
Will the card work if Tangem doesn’t exist as a company? Does Tangem use its own servers?
Even though we have no intention of going out of business any time soon (running smoothly since 2017), in case something terrible happens, Tangem cards and the app will continue to be valid.
The Tangem app uses the company's servers to verify the card's authenticity, synchronize the list of added tokens between backup cards, and calculate the value of cryptocurrency in your wallet. Without these services, you will still be able to use your Tangem cards, though with less convenience. You can read more on our blog at the link.What happens if the app is no longer available for download from App Store/Google Play?
The previously installed app on your device will be available if the ability to download from App Store/Google Play suddenly disappears.
The app works independently of Tangem's servers and will continue to work even if the company shuts everything down. You can also always download the Tangem app on GitHub.
Moreover, the Tangem app is fully open-source and available on GitHub, so a replacement app can be created by anyone and used to power the card. For more details, you can read our blog.Can different access codes be set for each card in the backup?
By default, the same access code is created for all cards during backup. After that, you can set a different access code on each card through "Details" — "Card Settings" — "Change Access Code".
Can I set an access code on Tangem Note?
In contrast to Tangem Wallet, Tangem Note is a single card, so it has no backup function and no access code protection.
Tangem Note is a good choice for beginners in cryptocurrency, as well as for a gift or hand-to-hand crypto transfer.Can I set an access code without creating a backup?
The access code can only be set if a backup is created. For cards without a backup, you cannot set an access code because if you lose the access code, you will lose access to the wallet. If you have forgotten the access code on backup cards, you can reset the code on that card by having a second card from the backup.
Is there any protection against brute-force attack?
The card has protection against brute-force attacks. After the sixth incorrect attempt to enter the access code, the delay time for the next attempt is increased by 1 second. The maximum delay time is 45 seconds. The delay is reset only after the successful entry of the password.
How to make sure that I bought the original card?
Tangem cards cannot be physically modified, as there is a monolithic chip inside the card. Tangem cards cannot be modified in terms of software.
The official app can accurately check the following:
— that the card was produced by Tangem;
— that the card is flashed with Tangem software.It is entirely safe to buy even in the underpass thanks to end-to-end certification. Most importantly, note that:
1. You have installed the official Tangem app.
2. Cards should prompt you to create a wallet. If not, reset the cards to factory settings.How can I check that I received an unused card?
When you activate the card, you should be prompted to create a wallet. If not, reset the cards to factory settings and create a wallet; this will generate new public and private keys.
How to verify the authenticity of the Tangem firmware?
Tangem card technology dictates a "security through obscurity" approach. Disclosure of the source code within secure elements would render hardware wallets vulnerable. To prove that the Tangem firmware has no backdoors or bugs that would lead to loss of funds, Tangem has employed a renowned independent security auditor, Kudelski Security. The results of the audit are here.
Is it possible to update the card firmware?
For user safety, the card is flashed once and is not updated again. This eliminates the risk of counterfeit firmware and possible theft of funds.
The ability to update the software of a hardware wallet means that you should trust the wallet manufacturer and hope that, at some point, you will not receive an update that compromises your keys.
In the case of Tangem, the card is flashed only once, and the firmware has been audited by the independent Swiss company Kudelski Security. Moreover, the card can prove that it has precisely the firmware that was audited. This is one of the wallet's unique features that makes Tangem the most secure and trusted wallet in the world.