As a leading crypto hardware wallet manufacturer, we’re thrilled to announce an in-depth software audit of the Tangem Wallet by Riscure, an independent security lab specializing in evaluating the security of embedded software, chips, and devices.
This is the second successful audit of the Tangem Wallet by a renowned security apparatus — Kudelski Security conducted our first firmware audit in August 2018. Since its inception, Tangem has produced over 1,000,000 cards, and 0 have been hacked — a testament to our rigorous approach to securing our users’ assets while giving them full control over their private keys.
Tangem Wallet audit results
In this audit, Riscure examined the source code and architecture of Tangem's crypto wallet, testing all functionalities and commands accessible through the NFC interface. The primary goal was to identify potential vulnerabilities and logic-related security issues. The security evaluation did not reveal security issues that would lead to exposure of the wallet's private keys. Importantly, no backdoors were identified in the firmware that could be exploited.
These audit results further confirm Tangem's mission to provide a robust device that safeguards users from a variety of attacks. The evaluation by Riscure has also verified that the Crypto Wallet offers mechanisms to minimize the risk of Side Channel attacks and optionally provides a mechanism to encrypt data in transit.
Who is Riscure?
Riscure is a leading vendor of security services, tools, and training for edge devices. Our tooling helps global technology leaders to build robust hardware and software solutions. Riscure security analysts bring top-notch security expertise to development teams and aim to run no-pain certification projects.
Built on a wealth of security research and extensive practical experience, Riscure is well recognized for its technical leadership. Riscure serves the semiconductor, mobile security and mobile payment, automotive and premium content industries, and the government sector.
Why independent firmware audits are vital to hardware wallets
Independent audits of a hardware wallet's firmware are crucial for ensuring the security and trustworthiness of the device. Hardware wallets play a pivotal role in safeguarding users' cryptocurrency assets, and their firmware serves as the foundational software that manages key operations.
These audits provide a third-party assessment of the firmware's code, identifying potential vulnerabilities and ensuring it aligns with the highest security standards. By subjecting the firmware to external scrutiny, successful audits can give users confidence in the wallet's resilience against hacking attempts or malicious exploits.
Today’s crypto space is still crawling with malicious actors, and we believe that independent audits serve as a proactive measure to inspire trust among users. They ultimately promote a more secure environment for storing and managing digital assets.
What’s next for Tangem?
Two successful independent audits undoubtedly provide a more thorough and reliable evaluation of Tangem's security posture while enabling greater trust in our wallet's integrity among our users and stakeholders.
As we continue to manufacture and offer the best cold wallet devices on the market today, we will invest in educational efforts to inform users about the security measures in place and provide guidance for the secure usage of Tangem hardware wallets.