Quantum communication protocols such as quantum cloud computing, digital signatures, coin-tossing, secret-sharing, and key distribution, using similar optical technologies, claim to provide unconditional security guaranteed by quantum mechanics. Among these protocols, the security of quantum key distribution (QKD) is most scrutinized and believed to be guaranteed as long as implemented devices are properly characterized and existing implementation loopholes are identified and patched. Here we show that this assumption is not true. We experimentally demonstrate a class of attacks based on laser damage, capable of creating new security loopholes on-demand. We perform it on two different implementations of QKD and coin-tossing protocols, and create new information leakage side-channels. Our results show that quantum communication protocols cannot guarantee security alone, but will always have to be supported by additional technical countermeasures against laser damage.