How Reliable Are Hardware‑Based Crypto Wallets?

Just How Trustworthy Are Hardware-Based Crypto Wallets? Unveiling Their True Reliability!



The rising enthusiasm for self-custody has propelled hardware wallets from specialized tools into widely adopted solutions. Following a series of exchange failures and significant cyberattacks, investors are increasingly turning to devices that safeguard private keys offline, shielding them from potential hackers. Nevertheless, hardware wallets are not impervious to threats. Recent research has uncovered sophisticated supply-chain tampering and firmware manipulation tactics that compromise device security well before users input their seed phrases. These findings prompt a crucial inquiry in the realm of self-custody: how trustworthy are hardware wallets when adversaries can interfere with hardware components or software prior to delivery?

Emerging Risks Targeting Hardware Wallets

One of the most alarming attack vectors surfaced in 2024 under the name Dark Skippy. This technique involves altering the firmware of hardware wallets so that the device produces weak cryptographic nonces, subtly leaking fragments of the private key through transaction signatures over time. Because this data exfiltration is concealed within the firmware, users often remain unaware until attackers have fully reconstructed their keys and emptied their accounts. Dark Skippy underscores a broader vulnerability: many hardware wallets allow firmware updates, which can be exploited by attackers who infiltrate the supply chain to implant malicious code.

Supply-chain interception attacks present a similar danger. In multiple documented incidents, criminals intercepted shipments, swapped out secure chips, or installed tampered firmware before resealing the packaging. The end users received devices that appeared authentic but contained microcontrollers with disabled flash memory protections. These compromised devices operated with preset seed phrases and restricted passphrase options, granting attackers full control. Detecting such tampering is challenging. For instance, a Kaspersky researcher comparing genuine and counterfeit Trezor wallets discovered that the fake device used a different microcontroller and lacked bootloader integrity verification, enabling malicious firmware execution. In 2025, Ledger Donjon researchers demonstrated that voltage-glitching attacks on the microcontrollers of Trezor’s Safe 3 and Safe 5 models could coerce the device into generating predictable seeds. Since these compromised wallets can appear brand new, experts strongly advise purchasing exclusively from official manufacturers or authorized dealers and verifying firmware authenticity rigorously.

A Unified Hardware-Software Defense Strategy

In response to these challenges, Swiss firm Tangem AG has developed hardware wallets designed to resist supply-chain and firmware compromises. Established in 2017, Tangem initially launched credit-card-sized NFC wallets and has recently introduced a ceramic ring that serves as a wearable hardware wallet. Both products utilize a highly secure “monolithic” chip architecture, where the firmware and private key generator are embedded within the chip itself, preventing any external modifications. Tangem asserts that their chip meets the Evaluation Assurance Level 6+ (EAL6+) certification, a security standard comparable to those used in electronic passports and government-issued IDs.

At activation, the chip employs a hardware-based random number generator to create the private key entirely offline. The accompanying Tangem app neither generates nor stores the private key; it solely facilitates transaction signing. According to company specifications, the firmware is permanently written into the chip during manufacturing and cannot be updated afterward. This design choice eliminates risks associated with malicious firmware updates but also means users cannot patch potential future vulnerabilities. To guard against counterfeit products, the Tangem app authenticates both the chip and firmware upon scanning the wallet. If the scan does not initiate a wallet creation process, users are advised to reset the device immediately.


The flagship Tangem ring extends this secure design into a wearable format. Crafted from zirconia ceramic with an IP69K rating for exceptional water and dust resistance, the ring incorporates the same EAL6+ secure element. It supports a range of cryptocurrency operations, including sending, receiving, purchasing, swapping, and staking, via NFC. The private key is split between the ring and two backup cards, ensuring that losing one component does not compromise the entire wallet. Additionally, a brute-force protection mechanism introduces delays after incorrect passcode attempts, mitigating unauthorized access risks.

Claims regarding the immutability of Tangem’s firmware have been substantiated through independent security audits. In late 2023, Tangem engaged Dutch cybersecurity firm Riscure to evaluate the firmware via the NFC interface. The audit found no vulnerabilities or backdoors and assessed the device’s resistance to side-channel attacks, recommending optional encryption for data transmission. The introduction of firmware attestation enables the Tangem app to cryptographically verify that the chip’s firmware matches a trusted version.
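
The attestation check described above, sketched as an added example (not Tangem's code or protocol): the app sends a fresh random challenge, the chip signs it together with a digest of its firmware, and the app accepts only a valid signature over a trusted digest. The Report type, the function names, Ed25519 as the signature scheme, and the assumption that the digest is measured by code the firmware cannot alter are all illustrative.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report is what a hypothetical chip returns; the signature covers challenge || FirmwareID.
type Report struct {
	FirmwareID [32]byte // SHA-256 of the firmware the chip reports running
	Signature  []byte
}

// Attest is the chip side: bind the app's fresh challenge to the firmware digest.
func Attest(key ed25519.PrivateKey, firmware, challenge []byte) Report {
	id := sha256.Sum256(firmware)
	return Report{id, ed25519.Sign(key, append(append([]byte{}, challenge...), id[:]...))}
}

// Verify is the app side: authenticity and freshness first, then the allow-list.
func Verify(pub ed25519.PublicKey, trusted map[[32]byte]bool, challenge []byte, r Report) error {
	if !ed25519.Verify(pub, append(append([]byte{}, challenge...), r.FirmwareID[:]...), r.Signature) {
		return errors.New("signature invalid for this challenge: counterfeit key or replayed report")
	}
	if !trusted[r.FirmwareID] {
		return errors.New("firmware digest is not a trusted version")
	}
	return nil
}

// Scenarios runs the check on constructed inputs and returns each verdict.
func Scenarios() map[string]error {
	pub, key, _ := ed25519.GenerateKey(nil) // stands in for a factory-provisioned device key
	_, fake, _ := ed25519.GenerateKey(nil)  // counterfeit device holding a different key
	good, buf := []byte("constructed firmware image"), make([]byte, 64)
	rand.Read(buf) // two fresh 32-byte challenges
	c1, c2 := buf[:32], buf[32:]
	trusted := map[[32]byte]bool{sha256.Sum256(good): true}
	return map[string]error{
		"genuine":     Verify(pub, trusted, c1, Attest(key, good, c1)),
		"altered":     Verify(pub, trusted, c1, Attest(key, []byte("altered image"), c1)),
		"replayed":    Verify(pub, trusted, c2, Attest(key, good, c1)),
		"counterfeit": Verify(pub, trusted, c1, Attest(fake, good, c1)),
	}
}

func main() { fmt.Println(Scenarios()) }
```

Only the genuine case verifies; the replayed report fails because its signature covers an earlier challenge, which is why the challenge must be new for every scan.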


Independent validation is vital because the inability to update firmware means any manufacturing flaws remain permanent. While audits cannot guarantee absolute security, they enhance transparency and reduce the likelihood of hidden backdoors. Tangem further promotes openness by publishing its mobile app and firmware source code on GitHub, inviting public scrutiny.

Wearable Wallets and Industry Trends

Tangem’s wearable ring arrives amid a broader wave of innovation in wearable payment technologies. In traditional banking, Quontic Bank launched a “Pay Ring” debit device in 2022, aiming to replace both physical cards and mobile wallets by embedding payment functionality directly on the user’s finger. However, challenges such as managing diverse ring sizes and convincing customers to adopt an unconventional form factor have limited widespread acceptance.

Within the cryptocurrency sector, early attempts like the Nymi wristband and MEVU bracelet in 2014 sought to enable hands-free payments but failed to gain traction due to technical limitations and security concerns. Tangem’s ring attempts to address these issues by merging the convenience of wearables with robust self-custody security. Notably, the device requires no battery charging, as it draws power from the NFC reader, resolving a common complaint about battery-dependent wearables. Nevertheless, the relatively high price point (approximately €799 for the ring and backup cards) and limited sizing options have sparked debate over whether wearable wallets will become exclusive luxury items rather than accessible tools for mass adoption.

Market analysts predict that hardware wallets will continue as a niche yet rapidly expanding market segment. Between 2025 and 2030, the sector is expected to grow at a compound annual rate of about 30%, with NFC-enabled devices anticipated to outpace this growth. This surge is fueled by increasing cryptocurrency adoption and a growing preference for offline key storage. Tangem’s ring and similar wearable solutions may carve out a niche among users who prioritize convenience without sacrificing control over their assets.

Final Thoughts

While hardware wallets are often hailed as the ultimate solution for self-custody, recent incidents involving supply-chain and firmware attacks reveal inherent vulnerabilities. Tangem’s monolithic chip design combined with independent security audits offers a compelling defense against these threats. By eliminating firmware updates and incorporating cryptographic attestation, the company minimizes potential attack vectors and fosters a transparent security framework. Its wearable ring aims to enhance user convenience without compromising safety.

Nonetheless, no approach is entirely foolproof. The absence of firmware update capability means Tangem devices depend heavily on the initial software quality and thoroughness of audits. As the hardware wallet landscape evolves, both users and manufacturers must strike a careful balance between ease of use and stringent security measures. For now, the most dependable protection remains a combination of trusted hardware, cautious purchasing practices, and a well-informed awareness of potential risks.

