CoinDesk
Trezor has disclosed a hardware vulnerability in the TROPIC01 security chip used in its new Safe 7 wallet, after rival Ledger's Donjon research team successfully executed a laboratory attack bypassing some of the chip's protections. Despite the finding, Trezor says no user funds are at risk and no action is required from customers.
Why it matters
The flaw is notable for two reasons: what it reveals about the Safe 7's architecture, and how it was found. Trezor's Safe 7 relies on multiple independent security layers rather than trusting a single chip, which means a compromise of the TROPIC01 alone does not expose private keys, wallet backups, or crypto holdings. Tropic Square — the Trezor sister company that developed the chip — later identified a related weakness that could leak additional stored information, but the same multi-layer defence applies. Exploitation would require physical possession of the device, expensive specialised laboratory equipment, and advanced technical expertise. There is no evidence of any real-world attack.
Market impact
The disclosure is arguably a confidence signal rather than a red flag. The vulnerability was surfaced through a formal, transparent audit process between two of the hardware wallet industry's biggest competitors — a model Trezor CEO Matej Žák called the standard the industry should hold itself to. For investors and self-custody advocates watching the hardware wallet space, the episode reinforces that layered security design and open disclosure culture matter more than any single chip's perfection.
Crypto News
WuBlockchain
CoinTelegraph