Trezor has reassured its customers that their cryptocurrency remains secure despite a recently disclosed security flaw in the TROPIC01 chip utilized in its Safe 7 hardware wallet. The company emphasizes that no immediate action is required from users.
The vulnerability is limited to one of the wallet's several security layers and would necessitate physical access, specialized tools, and significant expertise to exploit.
According to Trezor, the flaw was revealed following an independent audit conducted by Ledger's Donjon security team, who successfully executed a controlled laboratory attack using specialized equipment to breach certain protections of the chip.
While Tropic Square, the company behind the chip, has identified an additional vulnerability that could potentially expose more information stored on the device, Trezor maintains that this issue does not compromise users’ crypto assets, private keys, or wallet backups. The Safe 7 wallet employs multiple security layers, ensuring that the exposure of one chip does not endanger the overall security.
To exploit this vulnerability, an attacker would require physical access to the device, high-cost laboratory equipment, and advanced technical skills. Trezor has stated that there is no evidence of any real-world exploitation of this flaw.
This incident arose from a collaboration between Trezor and Ledger, two prominent competitors in the hardware wallet sector. Trezor argues that such transparency regarding security issues contributes to enhancing the overall safety of the cryptocurrency ecosystem. “I believe the open process by which this vulnerability was found, examined, and disclosed is the model the industry should hold itself to,” stated Trezor CEO Matej Žák in the announcement.
Read more: Trezor Unveils New Hardware Wallets, Corrosion-Resistant 'Keep Metal' for Recovery