
Trezor and its sister chip designer Tropic Square disclosed a TROPIC01 secure element vulnerability in the Trezor Safe 7 hardware wallet on June 3, 2026, after Ledger’s Donjon research team demonstrated a laboratory laser fault injection attack against the chip. According to the companies’ coordinated disclosure, the attack extracted a subset of the secrets the chip protects, but did not compromise user funds, wallet backups, or PINs.
The vulnerability surfaced through an audit that Tropic Square itself commissioned. Tropic Square supplied a TROPIC01 chip to Ledger Donjon, the white-hat security division of competing hardware wallet maker Ledger, to evaluate the part against secure element requirements. In late January 2026, Donjon reported that it had bypassed the chip’s firmware signature verification under highly specific laboratory conditions, according to the Tropic Square technical advisory.
“Because the Trezor Safe 7 was built with multiple independent security layers, a vulnerability in TROPIC01 does not put user funds at risk,” said Matej Žák, CEO of Trezor.
The keys to users’ coins, the wallet backup, and the PIN are never held on a single chip, which Žák described as a deliberate design choice to avoid a single point of failure.
The TROPIC01 advisory describes a laser fault injection attack that targets the chip’s Ed25519 signature verification during authenticated firmware updates and secure boot, opening a path to running attacker-controlled firmware. Tropic Square said all production versions of TROPIC01 currently in the field are affected. Building on Donjon’s report, Tropic Square’s own engineers identified a further method that exploited the same weakness to extract an additional secret tied to the chip’s PIN-related functions.
Even with that additional finding, compromising TROPIC01 alone does not unlock the Safe 7 PIN, the company said. The chip is one of three physical, independent security layers, and it holds only one component that contributes to the PIN. Trezor added that the flaw cannot produce tampered devices carrying persistent malicious firmware, ruling out a supply chain attack vector.
The attack carries hard practical limits. Exploiting it requires full physical possession of the device, disassembly, backside decapsulation of the chip package, a connection to custom equipment, and an expensive laser fault injection rig operated by experts. Trezor said there is no evidence of real-world exploitation and that the Safe 7 has never been hacked.
Because the vulnerability sits in the silicon, it cannot be fixed through a remote firmware update on devices already in users’ hands. Tropic Square said it is producing a new chip batch that addresses the flaw, though existing owners do not need to take any action. Trezor framed the proactive disclosure as a defense of its open-source approach, arguing that closed, NDA-protected secure elements force users to trust black-box designs they cannot independently verify.
Editorial Note: This news article has been written with assistance from AI. Edited & fact-checked by the Editorial Team.