Trezor and chipmaker Tropic Square disclosed a vulnerability in the TROPIC01 Secure Element used in the Trezor Safe 7 hardware wallet, after Ledger's Donjon security team carried out a laser fault injection attack under lab conditions. The companies said the flaw does not put user funds at risk because the Safe 7 relies on three independent security layers, and compromising TROPIC01 alone is not enough to access a wallet, PIN or private keys.
Ledger Donjon informed Tropic Square in January 2026 that it had successfully bypassed some of the chip's protections, extracted secrets stored within the component and circumvented firmware signature verification. After reviewing those findings, Tropic Square engineers identified an additional method that could expose another secret tied to PIN-related chip functions. The companies opted for public disclosure on June 3.
"Because the Trezor Safe 7 was built with multiple independent security layers, a vulnerability in TROPIC01 does not put user funds at risk," Matej Žák, chief executive officer of Trezor, said.
The Safe 7, which launched in October 2025, combines TROPIC01 with two other chips — OPTIGA Trust M and STM32U5 — to handle PIN verification, device authenticity and wallet creation. The flaw exists at the hardware level and cannot be fixed through a remote firmware update. An attacker would need physical possession of a device, specialized laboratory equipment and advanced technical expertise to attempt the exploit, and there is no evidence the vulnerability has been used in any real-world attack.
The disclosure marks a rare public collaboration between two of the hardware wallet industry's biggest rivals. Ledger Donjon has previously published independent research on Trezor devices, including a report on the Trezor Safe 3 that demonstrated a supply-chain-style physical interception attack. Trezor responded at the time and said no user funds had been compromised.
Tropic Square markets TROPIC01 as an open and auditable secure element, allowing researchers to inspect hardware that would typically remain closed under non-disclosure agreements. The finding shows that open testing can reveal weaknesses before malicious actors do, while also underscoring that hardware wallet security depends on the design of the full device rather than on any single component. Trezor said users do not need to take any action and should continue buying devices from official channels, keeping firmware updated and protecting recovery phrases offline.