Security

  • Can I purchase just the Ring without the backup cards?

    No, the Tangem Ring will be sold as a set with two cards. Additional cards are needed to create a backup. The number of items in your set (2 or 3) is the number of copies of your private key that exist in the world. If one of the items is lost or stolen, the backup copies will help you restore access to your wallet.

  • What should I do if I lose the Ring?

    Losing the Tangem Ring is the same as losing one of the cards. If you lose the ring, you can still access your wallet through the backup cards. From a security standpoint, if an attacker finds your lost ring, they cannot access the wallet because it is protected by an access code. Moreover, the ring is also protected against brute-force attacks. After the sixth incorrect attempt to enter the code, the delay time for the next attempt is increased by 1 second. The maximum delay time is 45 seconds. The delay is only reset after the access code has been successfully entered.

  • Can someone access my funds by tapping my Tangem Ring while I'm wearing it?

    No, the ring must be removed from your finger and tapped on your smartphone. You also have to enter the access code or use biometric authentication to use the Tangem app.

  • Where is my crypto held?

    The cryptocurrency is technically located on the blockchain, while the Tangem card stores the private keys used to access blockchain addresses.

  • Where are the keys stored?

    Wallet keys, which are needed to manage your funds, are created when you activate your card. The keys never leave the chip after the wallet activation and are not transferred anywhere. The primary purpose of the chip is to keep the keys safe and secure.

  • How are wallet keys generated?

    The key is generated on the card using a hardware random number generator during card activation. The entropy for the random number is taken from the chip’s physical sensors. This means that no one can ever know your private key. The hardware random number generator is a component of the Samsung-produced chip. You can read the safety assessment document via this link.

  • How is the private key cloned on the backup cards?

    When a backup is created, a secure communication channel is established between the cards using the Diffie-Hellman key exchange protocol, after which the keys are transferred from one card to the other. This mechanism is fully protected against man-in-the-middle attacks since the first step involves the cards authenticating each other with a two-way attestation, and the encryption is done with a 256-bit key. This is a top-level encryption protocol, and the application will not be able to decrypt the keys under any circumstances.

  • Is there a seed phrase in the wallet?

    Tangem does not use BIP39 (seed phrase) technology, believing it to be highly insecure. The presence of a key in plain sight is a potential vulnerability. Firstly, hot and "warm" wallets always have access to this key, which can be hacked. Secondly, having the key in an unsecured location at home, work or elsewhere always involves the potential risk of compromise. Instead, Tangem offers a backup on 2 or 3 identical cards. The cards hold the keys and never share them with anyone; they are protected by an access code. You therefore have 2 or 3 duplicate keys for one vault (your wallet). They are equal, so you can keep them in different places and use any of them. The most important thing is that the keys are never in public view during their life-cycle. No bug or vulnerability in the software can expose the key at the moment it is generated. It is totally safe and secure.

  • How do I find out my private key?

    The card is based on a chip that generates a private key during the wallet creation process, using a hardware random number generator. The entropy for the random number is taken from the chip’s physical sensors. The key never leaves the chip in an unencrypted state or after the wallet is activated. The chip's primary purpose is to keep the key safe and secure.
    This means that no one can ever find out your private key. The secret is safe, even from you.

  • Where is the guarantee that the manufacturer doesn’t know the key?

    The Tangem card doesn't have a private key initially. The key is generated when the wallet is created and the card is tapped against the mobile device. Moreover, public and private keys will be regenerated if you reset the card to factory settings and recreate the wallet.
    The firmware has been audited by the independent Swiss company Kudelski Security. The firmware audit confirms that the private key is created using a hardware random number generator and that there are no other backdoors or bugs that could result in the loss of funds. The results of the Kudelski Security audit are available here.

  • Why does a wallet need 2 or 3 cards?

    Additional cards are needed to create a backup. The number of cards in your set (2 or 3) is the number of copies of your private key that exist in the world. If one of the cards is lost or stolen, the backup cards will help you restore access to your wallet.

  • How many cards can be in a backup of one wallet?

    The maximum number of cards that can be used as a backup is 3.

  • Is there a difference between "primary" and "backup" cards?

    All of the cards from the backup are equal to each other and have access to the same wallet.

  • Why is it possible to link backup cards only once?

    For security reasons, backup creation and private key cloning can only be done once. You should therefore be sure of the number of copies of your private key you want to create.
    As the cards operate without using the company's servers, the cards know nothing about each other. It is only when creating a backup that the private key is copied to the number of cards you have chosen (2 or 3).
    If backup cards could be linked on multiple occasions, an attacker could make copies of your card without your knowledge.

  • What happens if I lose my Tangem Note?

    Since Tangem Note cards don't have a backup option and are used in a similar fashion to fiat money, you can manage the cryptocurrency as long as you own the card. If the card is lost, however, it will be impossible to manage the funds.

  • If Tangem Note is stolen, can a third party gain access to the wallet?

    Tangem Note cards have no backup option or access code protection. For this reason, the cards can be compared to traditional banknotes: whoever owns the card can access the wallet. Like traditional banknotes, therefore, these cards must be physically secure at all times.

  • What happens if I lose my Tangem Wallet?

    Tangem Wallet includes a set of 2 or 3 cards, so that you can back up the key to other cards during the activation process. The backup cards will help you manage your money even if you lose one of the cards.

  • How do I restore access if I lose all my backup cards?

    If you lose all the cards in your backup, you will lose access to your funds. Only your cards have access to the wallet. The number of cards in your set (2 or 3) is the number of copies of your private key that exist in the world. This is why we recommend keeping your cards in different places. If one card is lost/stolen, you can buy a new set of cards and transfer the funds to it.

  • If the Tangem Wallet card is stolen, can a third party gain access to the wallet?

    A third party will only be able to access your wallet if your cards are not linked (you have not backed them up). In this case, access code protection is not available: it is activated only when you link two or three cards to one wallet.
    That's why we recommend that you make backups before funding your wallet, ensuring that your funds are protected by the access code. Moreover, the card will be protected against brute-force attacks. After the sixth incorrect attempt to enter the code, the delay time for the next attempt is increased by 1 second. The maximum delay time is 45 seconds. The delay is only reset after the access code has been successfully entered.

  • If my phone is lost/broken, will I lose access to my funds?

    In such cases, you don't lose access to your assets. You can use your card to access your wallet via any other mobile device. The phone itself doesn't store any assets you hold; it simply acts as a display by visualizing specific data for a particular user on screen. The storage of private keys and signing of transactions is done by your card. All you have to do is download the Tangem app on your new phone and scan the card.

  • If I lose one card from the backup, can I buy another set and link it to my existing wallet?

    Since you can only create a backup and clone the private key once, you won’t be able to link new cards to an existing backup. After purchasing a new set, you should transfer your funds to the new wallet.

  • Is it possible to block a lost card?

    This isn’t supported. Once a backup has been created, all cards in the set have a single private key and become equal, so there is no technical way to identify which card has been lost.
    When you activate a card and create a backup, you protect each card with its user password. Moreover, the card is protected against brute-force attacks. After the sixth incorrect attempt to enter the code, the delay time for the next attempt is increased by 1 second. The maximum delay time is 45 seconds. The delay is only reset after the access code has been successfully entered.

  • What personal data does the company collect?

    Tangem does not monitor incoming or outgoing transactions. We never gather wallet addresses, users’ personal data, or any other information that could identify users or their phones.

  • Does the Tangem app store user data?

    The app doesn’t store personal data or any other information that could identify a user or their phone.

  • How exactly is Tangem Wallet a cold wallet? What is the working principle of the wallet?

    A cold wallet is a vault for storing cryptocurrency that is not connected to the internet. On Tangem cards, the private key is generated when the wallet is created and the card is attached to the device using a hardware random number generator. It is then stored on the card, which is fully disconnected from the internet. The private key never leaves the card. The primary purpose of the wallet is to store the private keys securely. The app is simply a user interface allowing the cards to communicate directly with the blockchain.

  • Can Tangem block access to the wallet?

    Tangem doesn’t have its own servers that connect to blockchains. It is the app on your phone which communicates directly with the blockchain. This means that we cannot with operations in any way. Tangem's philosophy is to provide users with a technological solution for interacting with crypto assets and nothing more. The wallet protocol looks like this: card <-> application <-> blockchain.

    Besides, we don't conduct registration or verification of users, so we don't know their geolocation, citizenship, etc. This means we can't identify a particular user to block their wallet access (even if that were possible). All we can hypothetically find out is your IP address, which can still be changed with a VPN if necessary.

    Plus, our app is open source and published on GitHub. With some skills, anyone can study it, make sure it's secure and compile the app.

  • How reliable and safe is it? What if a Tangem сard stops working?

    Tangem Wallet is a highly secure and reliable hardware wallet. The chip in your card is a microcomputer that generates a private key that never leaves the card. We have gone the extra mile to prove it externally:
    • The highest certification level among direct competitors that ensures no backdoors: EAL6+ by Common Criteria. This is the same level of chip protection used in passports.
    • The firmware has been audited by the world's top laboratory, Kudelski Security.
    • The only hardware wallet with the highest possible IP68 protection rate against environmental conditions. It is entirely safe from dust, water, and hacking attempts.
    • The card is durable enough to perform from -25 ℃ (-13 ℉) to +50 ℃ (122 ℉). You can even put it in the snow without repercussions.
    • The chip is designed to sign an infinite number of transactions with a life expectancy of 25+ years.
    • The chip is further protected against EMPs (electromagnetic pulses), ESD (electrostatic discharge) and X-rays in compliance with the ISO 7816-1 standard.
    Moreover, we have issued more than 800,000 cards since 2017. There have been no defects, and all the cards are still functioning.

  • What is the lifespan of the card?

    The cards have a minimum lifespan of 25 years, which is guaranteed by Samsung, the chip manufacturer. Technical information about the chip is available on the Samsung website via the link.

  • What will happen to the card when it is exposed to a powerful magnetic field, for example, in an MRI machine? What is the probability that the wallet will demagnetize and stop working?

    The chip doesn't contain any magnetic elements that could demagnetize. Moreover, the Tangem card chip is protected against EMPs (electromagnetic pulses), ESD (electrostatic discharge) and X-rays in compliance with the ISO 7816-1 standard.

  • Will the card work if Tangem doesn’t exist as a company? Does Tangem use its own servers?

    Even though we have no intention of going out of business any time soon (we’ve been running smoothly since 2017), in case something terrible happens, Tangem cards and the app will continue to function. The Tangem app uses the company's servers to verify the card's authenticity, synchronize the list of tokens added between backup cards, and calculate the value of the cryptocurrency in your wallet. Without these services, you will still be able to use your Tangem cards, though it will be a little less convenient. You can read more on our blog via the link.

  • What happens if the app is no longer available for download from App Store/Google Play?

    The previously installed app on your device will be available if the ability to download it from App Store/Google Play suddenly disappears.
    The app works independently of Tangem's servers and will continue to work even if the company shuts everything down. You can also always download the Tangem app on GitHub. Moreover, the Tangem app is fully open source and available on GitHub, so a replacement app can be created by anyone and used to power the card.
    For more details, you can read our blog.

  • Can different access codes be set for each card in the backup?

    By default, the same access code is created for all cards during backup. After that, you can set a different access code on each card through by going to "Details", "Card settings" and then "Change access code".

  • Can I set an access code on Tangem Note?

    In contrast to Tangem Wallet, Tangem Note is a single card, so it has no backup function or access code protection.
    Tangem Note is a good choice for cryptocurrency beginners, and works well as a gift or method for handing over crypto in person.

  • Can I set an access code without creating a backup?

    The access code can only be set if a backup is created. For cards without a backup, you cannot set an access code because if you lose the access code, you will lose access to the wallet. If you have forgotten the access code on a card with a backup, you can reset the code on that card with the help of a second card from the backup.

  • Is there any protection against brute-force attacks?

    The card has protection against brute-force attacks. After the sixth incorrect attempt to enter the access code, the delay time for the next attempt is increased by 1 second. The maximum delay time is 45 seconds. The delay is only reset after the access code has been successfully entered.

  • How can I make sure that I’ve bought an original card?

    Tangem cards cannot be physically modified, as there is a monolithic chip inside the card. Tangem cards cannot be modified in terms of software.
    The official app can accurately check the following:
    — that the card was produced by Tangem;
    — that the card is flashed with Tangem software.

    Tangem’s end-to-end certification means it’s entirely safe to buy, even in a city underpass. The most important things to note are that:
    1. You have installed the official Tangem app.
    2. The cards prompt you to create a wallet. If not, reset the cards to factory settings.

  • How can I check that I’ve received an unused card?

    When you activate the card, you should be prompted to create a wallet. If not, reset the cards to factory settings and create a wallet; this will generate new keys.

  • How can the authenticity of the Tangem firmware be verified?

    Tangem card technology provides a "security through obscurity" approach. The disclosure of the source code within the secure elements would render hardware wallets vulnerable. To prove that the Tangem firmware has no backdoors or bugs that would lead to the loss of funds, Tangem brought in a renowned independent security auditor, Kudelski Security. The results of the audit can be found here.

  • Is it possible to update the card firmware?

    For user safety, the card is flashed once and is not updated again. This eliminates the risk of counterfeit firmware and the possible theft of funds.
    The ability to update the software of a hardware wallet means that you need to trust the wallet manufacturer and hope that there is never an update which compromises your keys.
    In the case of Tangem, the card is flashed only once, and the firmware has been audited by the independent Swiss company Kudelski Security. Moreover, the card can prove that it has the precise firmware that was audited. This is one of the wallet's unique features that makes Tangem the most secure and trusted wallet in the world.