Ledger Donjon Discovers TROPIC01 Chip Vulnerability in Trezor Safe 7, No User Funds Threatened

Trezor says Safe 7 chip flaw found by Ledger does not put funds at risk

A security vulnerability in the TROPIC01 chip has been disclosed by Trezor and Tropic Square following a Ledger Donjon security audit, with assurances that the Safe 7 device and user assets are not compromised.

Trezor, a leading hardware wallet manufacturer, along with chip producer Tropic Square, has publicly revealed a security weakness affecting one of the three independent protection layers integrated into the Trezor Safe 7 hardware wallet, while emphasizing that customer funds face no exposure risk.

The security weakness came to light through an independent security examination performed by Ledger Donjon, the specialized security research division of competing hardware wallet producer Ledger, as detailed in an official Trezor communication provided to Cointelegraph.

The affected TROPIC01 Secure Element chip was supplied by Tropic Square to Ledger Donjon's researchers for independent evaluation purposes. According to Trezor's statement, successfully exploiting TROPIC01 in isolation would prove insufficient for gaining access to user wallets, PINs or cryptocurrency holdings, given that Safe 7 employs multiple independent protection mechanisms, which include an additional secure element component.

This public revelation provides an uncommon glimpse into the procedures hardware wallet manufacturers follow when addressing chip-level security vulnerabilities and underscores the increasingly important contribution of independent security researchers in evaluating cryptocurrency custody hardware.

Flaw surfaced during independent security testing

Based on Trezor's account, the security flaw emerged during an independent security assessment commissioned by Tropic Square following the deployment of its TROPIC01 secure element in the first quarter of 2025.

In January 2026, Ledger's Donjon division notified Tropic Square that its team had successfully executed a laser fault injection attack targeting the chip, which enabled the researchers to retrieve certain secrets stored within the chip and circumvent firmware signature verification mechanisms in controlled laboratory environments.

The TROPIC01 represents one of two secure elements incorporated in Trezor Safe 7, which was released to market in October 2025. Source: SatoshiLabs

Following a comprehensive evaluation of the findings presented by Ledger Donjon, engineering teams at Tropic Square uncovered an alternative exploitation pathway for the vulnerability that had the potential to reveal another chip-stored secret associated with PIN-related operations.

Tropic Square subsequently informed its business partners, which included Trezor, and made the decision to publicly announce the vulnerability in conjunction with the publication of Donjon's research findings.

Trezor says users do not need to take any action

According to Trezor, device owners are not required to perform any steps in response to this vulnerability disclosure, with the company reiterating that the security issue does not impact cryptocurrency funds maintained on the hardware device, as successfully exploiting TROPIC01 in isolation proves inadequate for obtaining access to the wallet, PIN or stored assets.

Given that the vulnerability resides at the hardware component level, remediation through remote firmware updates is not technically feasible.

"Because the Trezor Safe 7 was built with multiple independent security layers, a vulnerability in TROPIC01 does not put user funds at risk," said Trezor CEO Matej Žák.

Trezor highlighted that Ledger's Donjon research team has a history of publishing independent security analyses of Trezor products, including a previous assessment of the Trezor Safe 3 that illustrated an attack scenario requiring supply-chain-level physical device interception, component desoldering and device modification prior to customer delivery.

At that time, the company issued a public response and has since implemented ongoing security hardening measures to defend against such attack methodologies, while noting that no instances of actual user fund compromise have come to its attention.

Cointelegraph contacted Trezor seeking information about security audits performed on the remaining two chips deployed in the Safe 7 device, in addition to chips utilized in earlier product generations, though no response had been obtained prior to this article's publication.
