Tangem CTO on Security Without Seed Phrases

The security of crypto self-custody remains a pressing concern, especially with increasing cases of lost funds and compromised wallets. While traditional hardware wallets rely on seed phrases, frequent firmware updates, and hardware interfaces like screens and buttons, Tangem proposes a fundamentally different approach: fixed firmware, no seed phrases, and minimalistic hardware.

In this exclusive Q&A with BeInCrypto, Tangem’s Chief Technology Officer (CTO), Andrey Lazutkin, explains the security rationale behind these distinct product design decisions and clarifies some common misconceptions in hardware wallet security.

BeInCrypto: Tangem is pushing for mainstream adoption of self-custody, yet the average crypto newcomer is still wary. How specifically is your model changing the narrative around usability and perceived risk?

Andrey Lazutkin: For many, self-custody feels like walking a tightrope. Lose your seed phrase and your assets are gone; store it carelessly, and you risk theft. 

Tangem removes this anxiety by rethinking how security should work. Instead of a seed phrase, users receive three Tangem cards, each holding the private key securely within its chip. No writing down words, no extra copies floating around, just a one-time backup that ensures full control without exposure. The private key never leaves the cards, meaning there’s zero chance of interception or duplication.

Privacy is also built in by design. No personal data is collected, and for those who prefer discretion, Tangem offers Stealth Wallets without branding and the Tangem Ring, a wearable crypto wallet that blends into everyday life without exposing yourself as a crypto owner and target for hackers.

And what if Tangem disappears tomorrow? The app is open-source, so the community could maintain it, ensuring that wallets continue working exactly as before.

By removing complexity and common failure points, Tangem makes self-custody intuitive, private, and future-proof—so users can focus on crypto, not on what could go wrong.

BeInCrypto: Why did Tangem choose a card-based form factor, and how does it address concerns around blind signing and transaction security?

Andrey Lazutkin: Some traditional hardware wallet manufacturers exaggerate these concerns to justify display-based devices rather than focusing on real security improvements. Tangem, however, takes a different approach by evolving security alongside technology rather than being constrained by outdated hardware designs.

Tangem Wallet eliminates the need for blind signing by ensuring full transaction transparency through the Tangem app, which decodes and displays transaction details before users approve them. Unlike dedicated hardware wallet screens—which often provide only partial or misleading transaction data due to firmware limitations—our mobile-based approach allows for a more comprehensive and up-to-date security model.

Our form factor—credit card-sized, screenless, and built for durability—was chosen to optimize both security and usability. Screens on traditional hardware wallets create a false sense of safety, as they can be compromised through supply chain tampering or firmware attacks. In contrast, Tangem’s architecture eliminates these risks entirely. 

Moreover, the wallet’s non-updatable firmware prevents injection attacks, and by leveraging mobile security standards from OWASP, Google, and Apple, we ensure a highly secure environment for transaction verification. Tangem ensures transaction transparency through our app, allowing users to review transaction details before signing—removing the need for blind signing. We also integrate DEXProtector by Licel, the first EMVCo-approved mobile security tool. 

Furthermore, by choosing a screenless wallet design, our wallet has undergone extreme durability testing, such as withstanding freezing, burning, gunfire, and hydraulic pressure. These tests ensure long-term resilience with a 25-year lifespan and IP69K certification.

By leveraging modern mobile security measures like data encryption, secure local storage, and runtime integrity checks, Tangem provides a secure and seamless signing experience without relying on physical interfaces that are prone to tampering and wear. We focus on delivering true security and usability rather than creating artificial problems to sell hardware.

BeInCrypto: Tangem’s approach seems designed to reduce user anxiety around self-custody. But realistically, how much simpler and safer does the user experience become when traditional safeguards, like seed backups, vanish entirely?

Andrey Lazutkin: Traditional self-custody requires users to strike a delicate balance between security and usability. While essential in conventional wallets, seed phrases often create a burden of responsibility—users must store them securely, avoid loss, and remain constantly vigilant against theft or phishing attacks. Ironically, the very mechanism meant to ensure control often leads to mistakes, compromises, or loss of funds.

Tangem reimagines this process by removing the weakest link: human error. Instead of expecting users to manage a seed phrase, our solution ensures the private key is never exposed—not at creation, backup, or any point in its lifecycle. This fundamentally changes the user experience: security is embedded by design, not dependent on a user’s ability to follow best practices.

The result is both simpler and safer self-custody. Instead of memorizing, writing down, or hiding a seed phrase, users rely on a secure, hardware-backed system where control is maintained without the usual risks. With Tangem, losing a card doesn’t mean losing access—additional backup cards provide redundancy without introducing vulnerabilities.

By eliminating the need for traditional safeguards that often become points of failure, Tangem offers a custody model that is not only more intuitive but also inherently more secure. 

BeInCrypto: But crypto veterans see seed phrases as essential, almost sacred. How does Tangem’s seedless wallet reshape user responsibility and security without making them feel they’ve lost control?

Andrey Lazutkin: For years, the crypto community has viewed seed phrases as a fundamental pillar of self-custody. While they provide a way to recover access to funds, they also introduce a paradox. Once a private key is exposed in an open format, whether written down or stored digitally, it can never be truly considered secure again. The mere act of revealing it, even momentarily, creates an irreversible security risk.

A seed phrase is essentially your private key in plain text, and you never truly know if it’s safe – until it’s too late. Think about it: you could create your wallet on a subway, in a café, or even while walking down the street. Surveillance cameras, shoulder surfers, or just a bad stroke of luck could expose your seed without you ever knowing.

Tangem challenges this paradigm with a radically different approach—one where the private key remains a true secret, even from the user and from everyone, including Tangem. From the moment of creation, the private key is generated and stored securely within the Tangem chipset on the card, never leaving it, never being exposed, and never existing in a human-readable form. This principle extends to backup as well: instead of writing down a seed phrase, users create additional Tangem cards, where the private key is duplicated in an encrypted format, ensuring redundancy without the vulnerabilities of traditional recovery methods.

This model redefines what it means to have full control over one’s crypto assets. By eliminating the risk of human error, phishing attacks, or unauthorized duplication, Tangem provides a level of certainty that no seed phrase can offer. True ownership is not about seeing and managing a string of words—it’s about ensuring that the key to your assets remains exclusively yours, safeguarded in a way that any compromise is literally impossible by nature.

Even when exposed to network-based threats, Tangem cards never go online. They remain completely offline at all times, serving only to sign transactions securely. This ensures private keys are never exposed, not even during transactions.

BeInCrypto: Tangem takes an unconventional stance by locking firmware from updates. How does making firmware permanent help prevent the kind of threats that typically emerge unexpectedly in crypto?

Andrey Lazutkin: Tangem takes a bold, security-first stance by making its firmware non-updatable  –  and while that might seem unconventional at first glance, it’s actually one of the most powerful ways to protect against the evolving threats in the crypto space. 

By making the firmware immutable after production, Tangem eliminates several major risks associated with updatable firmware. One of the most critical is the threat posed by insiders; with updateable firmware, there’s always a risk that a rogue developer could insert a backdoor during an update. Immutable firmware removes this possibility entirely. It also protects against social engineering and coercion, as attackers cannot manipulate or pressure employees—whether through criminal groups or regulatory influence—to introduce malicious code into updates because updates simply aren’t possible. 

Additionally, fixed firmware ensures that all code undergoes thorough testing and auditing before deployment, minimizing the risk of introducing new vulnerabilities through later changes. Finally, since the firmware cannot be modified, it allows for a single, comprehensive independent audit, giving users lasting confidence in the device’s security without the need for repeated evaluations.

By adopting non-updatable firmware, Tangem effectively minimizes attack vectors associated with firmware modifications, thereby enhancing its hardware wallets’ overall security and trustworthiness. Firmware that can’t be changed also means that even Tangem itself can’t alter the device’s behavior after production. That’s a powerful guarantee of trust – users know that what was audited and verified at the time of manufacture is exactly what they’re using, with no surprises down the line.

BeInCrypto: Some argue that static firmware might hinder adaptability in crypto’s fast-moving landscape. What makes you confident Tangem’s rigid firmware approach won’t leave users vulnerable as threats evolve?

Andrey Lazutkin: Indeed, crypto moves fast – but not all parts of it need to. Tangem’s static firmware model isn’t about resisting change; it’s about locking down the most critical layer: the code that secures your private keys. That layer needs to be bulletproof, not constantly changing.

Tangem’s approach is confident because of its deep specialization and proactive design, not reactive patching. The firmware is purpose-built, minimal, and runs inside a certified EAL6+ secure element, meaning it’s already hardened against a wide range of attack vectors, including those we have yet to see.

Here’s the key idea: flexibility can be a liability. Most wallet hacks have come through firmware updates or flawed attempts to “adapt.” Every update channel is a door. Tangem just removes that door entirely. It trades reactive updates for immutability, auditability, and peace of mind.

And it’s not like Tangem is static everywhere. The mobile app remains fully updatable, allowing for new features, UI enhancements, and support for new blockchains or protocols. So, users still get the benefits of adaptability without having to touch the firmware that holds their keys.

Security isn’t about being endlessly flexible – it’s about being unbreakable where it matters most. That’s why we’re confident: Tangem’s firmware isn’t trying to keep up with every trend – it’s built to outlast them.

BeInCrypto: If you had to pick one widely-held security assumption in crypto hardware that Tangem actively disproves, what would it be, and why does overturning it matter now more than ever?

Andrey Lazutkin: One of the most deeply entrenched assumptions in crypto hardware is that “self-custody requires a seed phrase.” It’s treated like gospel: if you don’t write down 24 words and hide them like treasure, you’re not really in control. Tangem flips that completely on its head and proves you can have full sovereignty without ever seeing a seed phrase.

This matters now more than ever. As crypto adoption grows, we’re onboarding people who aren’t engineers, cypherpunks, or security pros; they’re regular users. Expecting them to manage a seed phrase safely is not just unrealistic; it’s dangerous.

And the numbers back this up. According to Chainalysis, over 20% of all Bitcoin, worth more than $140 billion, is estimated to be lost forever, mostly due to forgotten or compromised private keys and seed phrases. That’s not a tech problem, it’s a UX failure. 

Tangem removes the seed phrase entirely. No need to write, hide, or remember anything. The private key is generated and stored securely inside the chip, never exposed in an open format. During the backup process, the key is transferred using a patented technology based on the Diffie-Hellman algorithm with mutual authentication. This ensures that the key is encrypted during transmission from card to card and can only be decrypted by the second card and no other intermediary devices, keeping it always secure. Redundancy is built in via a 2-of-3 card system. You get resilience and simplicity.

By overturning the seed phrase myth, Tangem is reframing what secure self-custody looks like in the real world. It’s not about clinging to rituals, but it’s about building systems that protect people from themselves while still giving them full control.