Hackers Don't Need to Break Your Wallet. They Just Need to Find This.
Tangem
Most successful attacks on hardware wallet users don't break the secure element. They don't need to. They go around it; through the firmware, the PIN, or the seed phrase sitting on a piece of paper somewhere.
The secure element is the strongest component of a hardware wallet, but it is not the whole system.
Think of it like a medieval castle. The keep is the most defensible point: the last line of defense. But a castle isn't just a keep. It's a moat, outer walls, a gatehouse, and finally the keep at the center. Abandoning the outer defenses doesn't make the keep irrelevant. It just means the attacker arrives at your door faster.
It involves 3 layers.
Layer one: firmware
The SE stores and protects the private key, but it doesn't decide on its own what to do with it. It takes instructions from the device's firmware. Malicious or modified firmware can manipulate what is sent to the chip and what is displayed on the screen. It can show you an address different from the one being signed. It can silently alter transaction amounts.
None of this requires breaking the chip. It works by controlling which approaches it takes.
Layer two: PIN
The PIN is your gatehouse. It stops unauthorized users from interacting with the device at all. PIN verification happens inside the SE, with attempt limits that make brute-force guessing effectively impossible.
What it doesn't stop: someone who has your seed phrase. They don't need your device. They don't need your PIN. They can reconstruct your wallet from the words alone using compatible software.
Layer three: the seed phrase
This is the secret passage in the castle metaphor — the recovery route that bypasses every other defense if it falls into the wrong hands.
The seed phrase is a plaintext copy of your private key, outside the chip, on paper, in your home. Physical theft, fire damage, accidental digital exposure, and inheritance gaps are all real risks that no chip can address. How you store those words matters as much as the chip protecting the key they represent.
The system as a whole
Effective security is determined by the weakest layer in the context of the actual threat. A wallet with EAL6+ certification and a seed phrase in a phone's notes app has notes-app-level security, regardless of the chip rating. The secure element earns its central role. But "the SE is strong" and "the wallet is secure" are different statements.
Full breakdown of all three layers and how to harden each one on the Tangem blog: https://tangem.com/en/blog/post/secure-element-2/