Home
News
Details

Trezor Discloses Hardware Wallet Vulnerability in Safe 7 Chip

iconCoinpaper
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
AI summary iconSummary

expand icon
Trezor revealed a vulnerability in the Safe 7 chip used in its hardware wallets, following a security audit by Ledger Donjon. The flaw, linked to the TROPIC01 Secure Element, could be exploited via laser fault injection in lab settings. The company clarified the issue affects only one of three security layers and does not risk user PINs or funds. Tropic Square confirmed no action is needed from users. As the crypto industry moves closer to MiCA (EU Markets in Crypto-Assets Regulation), such disclosures highlight the importance of safe-haven assets in maintaining trust.

Researchers found that a laboratory-based laser fault injection attack could extract certain chip secrets and bypass firmware signature checks. Trezor stated that the flaw affects only one of three independent security layers in the Safe 7 and does not provide access to user PINs, wallets, or funds.

Trezor Discloses Hardware Wallet Vulnerability

Hardware wallet manufacturer Trezor and semiconductor company Tropic Square disclosed a security vulnerability affecting the TROPIC01 Secure Element chip used in the Trezor Safe 7 hardware wallet. Despite the discovery, both companies made it clear that user funds remain secure and that no action is required from customers.

The vulnerability was identified during an independent security audit conducted by Ledger Donjon, the white-hat research division of rival hardware wallet maker Ledger. As part of the review, Tropic Square provided the TROPIC01 chip to Ledger Donjon for testing. The research uncovered a flaw that could be exploited through a sophisticated laser fault injection attack performed under laboratory conditions.

According to the disclosure, Ledger Donjon informed Tropic Square of its findings in January of 2026. Researchers demonstrated that the attack could extract certain secrets from the chip and bypass firmware signature verification mechanisms. Tropic Square later discovered an additional method that leveraged the same underlying weakness, potentially exposing another secret linked to PIN-related functions within the chip.

Trezor explained that the flaw impacts only one of the three independent security layers incorporated into the Trezor Safe 7. The company explained that compromising the TROPIC01 chip alone is not sufficient to gain access to a user's PIN, cryptocurrency wallet, or digital assets.

Trezor CEO Matej Žák stated that the Safe 7 was specifically designed with multiple independent security mechanisms to prevent a single point of failure from jeopardizing customer funds. The wallet combines the TROPIC01 Secure Element with an OPTIGA Trust M chip and an STM32U5 microcontroller, which creates a layered security architecture responsible for device authentication, PIN verification, and wallet generation.

Trezor Safe 7 (Source: Trezor)

Because the issue originates at the hardware level, it cannot be resolved through a standard firmware update. Nevertheless, Trezor and Tropic Square chose to publicly disclose the vulnerability after a review of Ledger Donjon’s findings.

Ledger Donjon previously examined Trezor devices and published research on potential physical attack vectors. Earlier reports pointed out concerns surrounding hardware wallet security, including vulnerabilities related to microcontrollers and other chip-level components.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.