Trezor has disclosed a hardware flaw in the secure element chip inside its flagship Safe 7 wallet, while insisting that customer funds stay fully protected. Key Points: ‣ Trezor disclosed a v
Trezor has disclosed a hardware flaw in the secure element chip inside its flagship Safe 7 wallet, while insisting that customer funds stay fully protected.
‣ Trezor disclosed a vulnerability in the TROPIC01 secure element chip powering its Safe 7 hardware wallet. ‣ Ledger's Donjon team uncovered the flaw using a laser fault injection attack carried out inside a controlled laboratory. ‣ Exploiting it demands physical possession of the device, so user funds remain protected.
The weakness sits in the TROPIC01 secure element, one of three independent layers built into the recently launched Safe 7, and it surfaced during an outside security audit. Researchers at Ledger's Donjon unit, the in-house security team of a longtime Trezor competitor, carried out the tests over recent months.
Those engineers bypassed the chip's firmware verification with a single precise laser strike, exposing one of three secrets that guard the user's PIN and trimming the wallet's protection from three layers down to two.
Chip maker Tropic Square later found a second attack route tied to the mechanism that verifies a user's PIN. The company plans to withhold the full technical details until an upgraded version of the chip reaches buyers. The Safe 7 pairs TROPIC01 with a second, certified secure element, so an attacker would still have to defeat both chips to reach the seed.
User wallets were never breached.
Also Read:Microsoft Releases New AI Models To Challenge Anthropic's Business Push
Blockchain security firm Cyvers echoed the view that funds stay safe, noting the exploit requires physical possession of the wallet, full disassembly, and rare laboratory equipment. Deddy Lavid, the firm's chief executive, warned that everyday holders face far larger threats, citing "phishing, seed phrase theft" and blind transaction signing. No real-world attacks or tampered devices have surfaced so far.
Trezor chief executive Matej Žáksaid the coordinated disclosure should set a benchmark for the wider industry. He framed the open audit as evidence that publicly verifiable hardware makes self-custody safer, even as the company stopped short of detailing any refund plan for buyers.
The disclosure follows a March 2025 episode, when the same researchers flagged firmware weaknesses in the older Safe 3 and Safe 5 models. Security teams have also demonstrated voltage glitching on earlier Trezor hardware, a low-cost method that pulled seed phrases straight from the chips of older models.
Cold wallets like the Safe 7 still guard assets such as Bitcoin(BTC) far better than hot wallets that keep private keys connected to the internet.
Read Next:Anthropic Opens Claude Mythos To 150 Companies Just A Day After IPO Filing
