
A vulnerability has been found in Tangem hardware wallets. The findings were published by the research team at Ledger - a direct competitor of Tangem that also makes hardware wallets.
Tangem wallets are fairly widely used. They have one feature that is unique among hardware wallets: users can move funds into a smart contract and spend them through a virtual Visa card. As far as I know, Tangem was actually the first to offer a way to spend crypto assets via card payments while still holding the keys to those assets yourself.
And now, out of nowhere, a competitor has found a vulnerability affecting literally every Tangem wallet ever sold - past or present. In theory, this should be the end of Tangem. One of the defining features of their devices is that they cannot be reflashed. Customers saw that as a strength, but in this case it means the only real fix would be recalling every device they have ever shipped and starting over with a fundamentally new design. What company could survive a hit like that?
But there is one interesting detail. Exploiting this vulnerability requires physical access to the device, expensive lab-grade laser equipment, and serious expertise in hardware hacking. On one hand, that might suggest most users have nothing to worry about: it is unlikely anyone with that level of resources would bother targeting them. On the other hand, a vulnerability is still a vulnerability.
So the real question becomes: who does Tangem itself consider the main threat:
If it is the former, existing wallets will get recalled. If it is the latter, they will be left in circulation.
Who do you think is the bigger threat?