Researchers found that a laboratory-based laser fault injection attack could extract certain chip secrets and bypass firmware signature checks. Trezor stated that the flaw affects only one of three independent security layers in the Safe 7 and does not provide access to user PINs, wallets, or funds.
Trezor Discloses Hardware Wallet Vulnerability
Hardware wallet manufacturer Trezor and semiconductor company Tropic Square disclosed a security vulnerability affecting the TROPIC01 Secure Element chip used in the Trezor Safe 7 hardware wallet. Despite the discovery, both companies made it clear that user funds remain secure and that no action is required from customers.
The vulnerability was identified during an independent security audit conducted by Ledger Donjon, the white-hat research division of rival hardware wallet maker Ledger. As part of the review, Tropic Square provided the TROPIC01 chip to Ledger Donjon for testing. The research uncovered a flaw that could be exploited through a sophisticated laser fault injection attack performed under laboratory conditions.
According to the disclosure, Ledger Donjon informed Tropic Square of its findings in January of 2026. Researchers demonstrated that the attack could extract certain secrets from the chip and bypass firmware signature verification mechanisms. Tropic Square later discovered an additional method that leveraged the same underlying weakness, potentially exposing another secret linked to PIN-related functions within the chip.
Trezor explained that the flaw impacts only one of the three independent security layers incorporated into the Trezor Safe 7. The company explained that compromising the TROPIC01 chip alone is not sufficient to gain access to a user's PIN, cryptocurrency wallet, or digital assets.
Trezor CEO Matej Žák stated that the Safe 7 was specifically designed with multiple independent security mechanisms to prevent a single point of failure from jeopardizing customer funds. The wallet combines the TROPIC01 Secure Element with an OPTIGA Trust M chip and an STM32U5 microcontroller, which creates a layered security architecture responsible for device authentication, PIN verification, and wallet generation.
Trezor Safe 7 (Source: Trezor)
Because the issue originates at the hardware level, it cannot be resolved through a standard firmware update. Nevertheless, Trezor and Tropic Square chose to publicly disclose the vulnerability after a review of Ledger Donjon’s findings.
Ledger Donjon previously examined Trezor devices and published research on potential physical attack vectors. Earlier reports pointed out concerns surrounding hardware wallet security, including vulnerabilities related to microcontrollers and other chip-level components.
