Trezor has disclosed a vulnerability in the TROPIC01 security chip used in its new Safe 7 hardware wallet. This issue was discovered during an independent audit by Donjon, a security research team affiliated with competitor Ledger. Trezor stated that the vulnerability does not directly threaten user funds, and there is currently no evidence that the device has been exploited in the real world.

Attacks require physical contact with equipment.

The company stated that this vulnerability only affects one layer of Safe 7's multi-layered protection system. To carry out an attack, an attacker would need access to the device itself, specialized laboratory equipment, and a high level of technical skill.

Trezor stated that Ledger researchers bypassed some of the chip's protections under laboratory conditions, but this does not mean that ordinary users will face direct risks in daily use. The company also stated that no cases of device compromise or user asset damage have been found, and users do not need to take any additional action.

Involving Tropic Square chips

The TROPIC01 chip involved in this issue was developed by Trezor affiliate Tropic Square. Trezor uses it in the security design of its Safe 7 devices.

Based on the disclosed information, this discovery did not originate from a real attack, but rather from laboratory verification during a security research process. Trezor emphasized that hardware wallets do not rely on a single chip for protection, therefore a single point of vulnerability does not equate to funds being exposed.

• Device involved: Trezor Safe 7
• Chip involved: TROPIC01
• Discovered by: Donjon team, a subsidiary of Ledger

Both manufacturers jointly disclosed the issue.

This disclosure also stems from a collaboration between the two hardware wallet manufacturers. Trezor stated that the Ledger team's research helped them identify the vulnerability, and publicly disclosing the issue helps improve the security level of the entire crypto industry.

Trezor CEO Matej Žák stated that the transparent process of vulnerability discovery, analysis, and disclosure should serve as a reference for the industry in handling security issues. For the hardware wallet industry, such cross-company security audits also demonstrate that, beyond device security competition, underlying research and transparent disclosure remain crucial.