Ledger's security research team disclosed a laser fault-injection attack that can reset passwords on Tangem hardware wallet cards by bypassing a recovery-state firmware check. Tangem has characterized everyday user risk as virtually nonexistent, but the disclosure demonstrates that physical attack vectors on hardware wallets remain viable under lab conditions. Ledger and Tangem are direct competitors, though the technical finding itself is independently verifiable.
For Armada's crypto desk, this matters because custody security is a core pillar of the firm's SOC 2 positioning and client-facing no-rehypothecation policy. While Armada uses Fireblocks MPC-based custody rather than hardware wallet cards, the disclosure is a reminder that physical and firmware attack surfaces require ongoing due diligence. Armada should confirm with Fireblocks that its key management architecture has no analogous physical fault-injection exposure and retain that confirmation in SOC 2 audit documentation.