Tangem wallet.
I just watched this really important video from The CryptoDad about a potential vulnerability in Tangem wallets, and it's definitely something every crypto user should be aware of. Ledger's "Donjon" security team apparently found an exploit involving a "tearing attack" that could allow a hacker with physical access to a Tangem card to brute-force the PIN.
Here's the gist of it: this attack stops the card from registering failed password attempts by cutting off its power source at just the right moment. Then, by analyzing electromagnetic emissions, a hacker could figure out when they've hit the correct PIN. They claim this could reduce the time to crack a four-digit PIN to under an hour and an eight-digit PIN to about 460 days, costing around $5,000 to set up.
Now, Tangem themselves disagree. They say it's not a practical vulnerability and that Donjon's method would actually destroy the card's chip before a PIN could be guessed. They also emphasize that most users would use stronger, alphanumeric PINs than the four-digit ones tested. Ledger's team, however, disputes Tangem's claims, insisting their cards didn't die during testing and that the exploit is very real, especially for weaker PINs.
The good news is that The CryptoDad gives a really straightforward fix: strengthen your access code! If you're using a simple four-digit PIN, you absolutely need to change it. He walks through exactly how to do this in the Tangem app. You go to "Device settings," scan your card, then find the "Access code" option to change it. You'll want to use a combination of letters, numbers, and symbols, making it much harder to crack. He also pointed out that when you initially set up a card set, the access code is imprinted on all cards, but if you're changing it later, you have to update each card individually within the app, so be careful to do all of them!
It's clear that while there's a disagreement between Ledger and Tangem, being proactive about your security is always the best approach. If someone were to get their hands on your card, a strong access code is your best defense.