Summary

  • An audit conducted by the Ledger Donjon team discovered a security vulnerability in Trezor's TROPIC01 Secure Element chip.
  • This flaw could potentially expose one of three "secrets" safeguarding a user's PIN, thus lowering the wallet's security from three layers to two.
  • For the vulnerability to be exploited, an attacker must have physical access to the wallet, disassemble it, and utilize specialized laboratory tools.

Trezor has disclosed a vulnerability affecting its Safe 7 hardware wallet, while assuring users that their funds "remain protected" given the nature of the exploit.

This vulnerability was identified during an independent security audit by the Ledger Donjon team, which reported a successful "laser fault injection attack" on the TROPIC01 Secure Element chip. The attack could allow an attacker to access one of three "secrets" that are crucial for protecting a user's PIN, effectively diminishing the wallet's security from three layers to two.

Tropic Square has reported a vulnerability in the TROPIC01 Secure Element chip utilized in Trezor Safe 7, based on the findings of the Ledger Donjon team's audit.

Crucially: Your funds are secure. Trezor Safe 7 has not been compromised, and you…

— Trezor (@Trezor) June 3, 2026

According to Trezor's blog, "The vulnerability pertains solely to the TROPIC01 Secure Element chip, which is one of three independent physical security layers. Compromising just the TROPIC01 chip does not grant access to the PIN, which serves as the ultimate layer of protection for your assets." They also added that this vulnerability does not lead to devices being tampered with or having persistent malicious firmware installed.

Trezor emphasizes that for an attack to succeed, the attacker must physically possess the wallet, disassemble it, and utilize specialized lab equipment. Therefore, Trezor maintains that the TROPIC01 chip serves as an "effective barrier" that would require significant time and effort to exploit, reiterating that "users’ funds remain safe."

Blockchain security firm Cyvers supported Trezor’s stance, confirming to Decrypt that user funds are "safe," and suggesting that the attack seems "highly impractical."

Hardware wallets, commonly referred to as "cold" wallets, keep private keys offline on a physical device, unlike hot wallets such as MetaMask, which store keys in software or on cloud-based platforms. In the case of Trezor Safe 7, the blog states that the user's keys are not stored within the TROPIC01 chip.

Unfortunately, because this vulnerability is hardware-related, it cannot be resolved through a firmware update. Trezor has not yet responded to Decrypt's inquiry regarding whether they will entertain refund requests from users.

"The security of hardware wallets should not be judged solely on whether a chip can eventually be compromised in a laboratory setting," stated Deddy Lavid, CEO of Cyvers, in an interview with Decrypt. "For the majority of users, the far greater risk continues to be phishing, seed phrase theft, malicious dApps, and signing transactions they do not fully comprehend."
