Home
News
Details

Trezor Safe 7 Chip Vulnerability Discovered, User Funds Remain Secure

iconKuCoinFlash
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
AI summary iconSummary

expand icon
Trezor Safe 7 has been affected by a vulnerability after researchers identified a flaw in its TROPIC01 chip. Ledger’s Donjon team used laser attacks to bypass firmware checks, while Tropic Square discovered a second exploit affecting the chip’s security. The vulnerability impacts all TROPIC01 chips in production. Trezor states that user funds and keys are not stored on the chip, and a firmware update is now available to mitigate the risk. The security breach can be prevented by applying the fix. Technical details will be disclosed in 2027.

Odaily Planet Daily report: Ledger’s Donjon security research team bypassed the firmware verification system of the TROPIC01 chip inside the Trezor Safe 7 using a laser attack in a laboratory setting. Subsequently, chip manufacturer Tropic Square discovered another attack vector affecting the chip’s MAC-and-Destroy security mechanism. This vulnerability impacts all TROPIC01 chips currently in production. Trezor stated that the TROPIC01 chip is one of three independent security layers within the Trezor Safe 7, and user funds, wallet backups, and private keys are not stored on it.

The chip's hardware-based encryption storage mechanism completely resisted Ledger's extraction attempts during initial testing. Tropic Square has delayed disclosing the technical details of this vulnerability until the enhanced silicon version of TROPIC01 is released in late 2026, with full details expected to be published in spring 2027.

Firmware mitigation is currently possible via the chip's MAINTENANCE mode. Trezor CEO Matej Žák stated that PINs, wallet backups, and user fund keys have never been stored on a single chip. (The Block)

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.