We propose a class of attacks on quantum key distribution (QKD) systems where an eavesdropper actively engineers new loopholes by using damaging laser illumination to permanently change properties of system components. This can turn a perfect QKD system into a completely insecure system. A proof-of-principle experiment performed on an avalanche photodiode-based detector shows that laser damage can be used to create loopholes. After ∼1 W illumination, the detectors' dark count rate reduces 2-5 times, permanently improving single-photon counting performance. After ∼1.5 W, the detectors switch permanently into the linear photodetection mode and become completely insecure for QKD applications.