Case Study – Tangem

Audit of Tangem’s Smartcard Wallet Code

Tangem provides smart banknotes for digital assets, which enable users to carry fixed quantities of cryptocurrency on a physical plastic card. In 2018, they enlisted the help of Kudelski Security to perform an audit of their flagship product’s source code.

“As a fintech startup seeking to gain the trust of new customers, the main goal was to prove that our closed source solution is safe and secure. We needed a reputable independent auditor to vouch for the security of our product. Kudelski Security already had a proven track record in crypto and blockchain, so they were a natural choice.” (Andrey Kurennykh, Founder & CTO of Tangem).

Our audit covered the internal logic of Tangem banknotes as defined by the source code, but we did not assess security against physical attacks. The card includes a number of protections, including those provided by EAL6+ components.

During the course of our investigation we identified a number of security risks products’ source code. Tangem’s engineers set to work immediately to resolve the issues.

“Once the investigations were complete, we received really valuable feedback that has helped us improve the security of our product. The whole process has reinforced our belief that external security audits are critical to our development process.”

After re-auditing the source code, our experts were satisfied that appropriate measures had been taken to secure against counterfeiting and cloning of Tangem banknotes, and against theft of digital assets.

After all issues had been addressed, it was publicly announced that Tangem’s flagship product had been audited by Kudelski Security.

“For a startup like us, speed and flexibility are essential when it comes to external partners. Kudelski Security’s experts were supportive and rigorous throughout the audit, and our customers can now rest easy knowing that we truly value the security of their digital assets.”