A surge of interest in self‑custody has pushed hardware wallets from a niche solution into the mainstream space. In the wake of exchange collapses and large‑scale hacks, investors increasingly seek devices that promise to hold private keys offline and out of reach of attackers. Yet hardware wallets are not immune to compromise. Researchers in recent years have documented supply‑chain manipulation and firmware spoofing attacks that undermine device security long before a user ever enters a seed phrase. Those discoveries have raised a question central to self‑custody: how reliable are hardware wallets when adversaries can tamper with components or code before they reach customers?
Evolving threats target hardware wallets
The most notorious of the new attack classes emerged in 2024. Known as Dark Skippy, the method modifies the firmware on hardware wallets so the device generates weak cryptographic nonces and gradually leaks bits of the private key through transaction signatures. Because the firmware can hide this exfiltration, victims may not realise anything is wrong until the attacker has reconstructed their key and drained their funds. Dark Skippy highlights a more general weakness: many hardware wallets have firmware that can be updated, enabling an adversary who compromises a supply chain to install malicious code.
Supply‑chain interception attacks illustrate a parallel risk. In several reported cases, criminals intercepted shipments, replaced secure chips or loaded modified firmware, and resealed the boxes. Victims received devices that looked genuine but contained microcontrollers with disabled flash memory protection; the hacked firmware used predetermined seed phrases and limited passphrase options, giving attackers control. Such attacks are difficult to detect. A Kaspersky Lab researcher comparing legitimate and counterfeit Trezor devices found that the fake used a different microcontroller and lacked a bootloader integrity check, allowing malicious code to run. In 2025, researchers from Ledger Donjon demonstrated that a voltage‑glitching attack against the microcontroller in Trezor’s Safe 3 and Safe 5 wallets could force the device to generate predictable seeds. Because compromised devices can pass as brand‑new, security experts recommend purchasing only from manufacturers or authorised resellers and verifying firmware authenticity.
A “monolithic” counter-approach
In reaction, Swiss company Tangem AG has positioned its devices as a bulwark against supply‑chain and firmware manipulation. Founded in 2017, Tangem first offered credit‑card‑shaped NFC wallets and more recently introduced a ceramic ring that functions as a wearable hardware wallet. Both products are built around a highly secure “monolithic” chip; the firmware and private key generator reside inside the chip and cannot be modified externally. Tangem says the card’s chip is certified to Evaluation Assurance Level 6+, a security grade comparable to that used in e‑passports and government ID cards.
During initial activation, the chip uses a hardware random number generator to create the private key offline. The Tangem app does not generate or store the key; it merely facilitates transactions. According to company documentation, the firmware is burned into the chip once during manufacturing and cannot be updated. That design eliminates the possibility of malicious firmware updates but also prevents users from patching future vulnerabilities. To combat counterfeit devices, the Tangem app verifies the authenticity of both the chip and firmware when the wallet is scanned. If the scan does not prompt a wallet‑creation process, the company advises users to reset the card.
Tangem’s flagship ring extends this architecture into a wearable form factor. The ring is made of zirconia ceramic with an IP69K rating for water and dust resistance and uses the same EAL6+ secure element. It supports sending, receiving, buying, swapping and staking cryptocurrencies via NFC and includes two backup cards; the private key is distributed across the ring and cards so that losing one does not compromise the wallet. A brute‑force protection feature adds a delay after incorrect passcode attempts, reducing the risk of unauthorized access.
Claims of unmodifiable firmware have been backed by independent audits. In late 2023, Tangem commissioned an audit from Riscure, a Dutch firm that specialises in hardware security. Riscure examined the firmware through the NFC interface and concluded that there were “no vulnerabilities or backdoors”. It also assessed side‑channel attack mitigations and recommended optional encryption of data in transit. The introduction of firmware attestation allows the Tangem app to cryptographically verify that the firmware on the chip matches a known good version.
Independent verification is critical because Tangem’s firmware cannot be updated: any flaw present at manufacturing will persist throughout the device’s life. While audits do not guarantee that no vulnerabilities exist, they provide transparency and reduce the risk of undiscovered backdoors. Transparency is further enhanced by the company’s release of its mobile app and firmware code on GitHub, enabling public review.
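The firmware attestation check described above can be illustrated with a generic challenge-response exchange. This is an added sketch, not Tangem's protocol or code: the `Report` layout, the `attest-v1` tag, the single pinned Ed25519 key and all function names are assumptions, and every key, nonce and firmware image is a constructed sample.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Report is the hypothetical attestation response returned by the chip.
type Report struct {
	Challenge []byte   // verifier's nonce, echoed back
	FwDigest  [32]byte // SHA-256 of the firmware image the chip measured
	Sig       []byte   // Ed25519 over "attest-v1" || Challenge || FwDigest
}

func signedBytes(ch []byte, d [32]byte) []byte {
	return append(append([]byte("attest-v1"), ch...), d[:]...)
}

// Attest simulates the device: measure the firmware, sign it with the nonce.
func Attest(priv ed25519.PrivateKey, firmware, ch []byte) Report {
	d := sha256.Sum256(firmware)
	return Report{Challenge: ch, FwDigest: d, Sig: ed25519.Sign(priv, signedBytes(ch, d))}
}

// Verify is the app side. It returns the matched firmware version label.
func Verify(pub ed25519.PublicKey, known map[[32]byte]string, issued []byte, r Report) (string, error) {
	if len(issued) < 16 || !bytes.Equal(issued, r.Challenge) {
		return "", fmt.Errorf("challenge mismatch: stale or replayed report")
	}
	if !ed25519.Verify(pub, signedBytes(r.Challenge, r.FwDigest), r.Sig) {
		return "", fmt.Errorf("signature not made by the pinned attestation key")
	}
	if ver, ok := known[r.FwDigest]; ok {
		return ver, nil
	}
	return "", fmt.Errorf("firmware digest is not on the known-good list")
}

func main() {
	// Constructed sample values; a real verifier draws the nonce from crypto/rand.
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{7}, ed25519.SeedSize))
	pub := priv.Public().(ed25519.PublicKey)
	good := []byte("constructed firmware image 1.0")
	known := map[[32]byte]string{sha256.Sum256(good): "1.0 (constructed)"}
	nonce := []byte("0123456789abcdef")
	fmt.Println(Verify(pub, known, nonce, Attest(priv, good, nonce)))
	fmt.Println(Verify(pub, known, nonce, Attest(priv, []byte("modified image"), nonce)))
}
```

A check of this kind is only as trustworthy as the chip's isolation of the signing key and the measurement step from the firmware being measured.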
Wearable wallets and the industry
Tangem’s ring arrives amid broader experimentation with wearable payments. In the mainstream banking sector, Quontic Bank introduced a “Pay Ring” debit ring in 2022 to differentiate itself from competitors. According to the bank’s CEO, the ring aims to skip both physical and mobile wallets by embedding payment capability in the user’s hand. However, logistical challenges such as maintaining stock of different ring sizes and persuading customers to adopt an unfamiliar form factor prevent widespread adoption.
In the crypto space, early prototypes like the Nymi wristband and MEVU bracelet promised hands‑free payments in 2014 but never reached the mainstream due to technical and security hurdles. Tangem’s ring is an attempt to overcome those challenges by combining the convenience of wearables with secure self‑custody. The device does not need charging, because it draws power from the NFC reader; this addresses a common complaint about battery‑powered wearables. Yet the product’s price (around €799 for the ring and backup cards) and limited ring sizes have raised concerns that wearable wallets may become status symbols rather than a democratising technology.
Market researchers expect hardware wallets to remain a niche but rapidly growing sector. A compound annual growth rate of around 30% for hardware wallets is expected between 2025 and 2030, with NFC‑enabled devices predicted to grow even faster. The growth is driven by increased adoption of cryptocurrencies and demand for offline storage solutions. Tangem’s ring and similar wearables could find a foothold among users seeking convenience without relinquishing custody.
Our Conclusion
Hardware wallets are often portrayed as a silver bullet for self‑custody, but recent supply‑chain and firmware attacks show that they, too, are vulnerable. Tangem’s monolithic chip architecture and independent audits represent a robust attempt to address these threats. By eliminating firmware updates and adding cryptographic attestation, the company reduces the attack surface and provides a transparent security model. Its wearable ring seeks to make self‑custody more convenient without compromising on security.
However, no solution is foolproof. The inability to update firmware means that Tangem devices rely heavily on the quality of initial coding and the completeness of audits. As the hardware wallet market grows, users and manufacturers alike must continue to balance convenience with rigorous security practices. For now, the most reliable protection may still be a combination of trusted hardware, vigilant purchasing habits and an informed understanding of the risks.