The company Trezor together with chip developer Tropic Square reported a hardware vulnerability in the secure element TROPIC01, which is used in the Trezor Safe 7 wallet.
The issue was discovered by the research team Donjon, which conducts security audits at Ledger. Despite the identified vulnerability, Trezor stated that there is no threat to user funds or their private keys.
What the Ledger Security Audit Showed
During the audit, the Donjon team from Ledger found a vulnerability in the secure element TROPIC01. This chip is developed by Tropic Square, which is associated with Trezor. Its feature is an open architecture: the manufacturer publishes both the hardware documentation and the firmware source code.
See also: ECB: Gold Surpasses U.S. Bonds for the First Time Among Global Reserves
For the research, the experts used a laser fault injection method. First, they opened the chip case, then directed a precise infrared laser at the die. This made it possible to disrupt the digital signature verification process and run their own unauthorized code on the device.
Tropic Square provided the Donjon team with commercial chip samples for testing, and the researchers reported the discovered vulnerability to the company at the end of January 2026.
After reviewing the report, Tropic Square engineers found another possible attack scenario. In theory, it could allow an attacker to obtain an additional secret parameter related to the PIN protection mechanism.
How Trezor and Tropic Square Can Protect Users
Trezor confirmed that the vulnerability is at the hardware level, so it cannot be fixed by a regular software update on already released Safe 7 devices.
Tropic Square said that they are already releasing a new batch of chips where this issue has been resolved. Users do not need to take any action.
The company emphasizes that Safe 7 uses three independent levels of physical protection, and TROPIC01 is only one of them. Private keys and wallet backups are not stored on the vulnerable chip.
See also: OpenSea May Add Perpetual Contract Trading via Hyperliquid
In addition, the attack requires physical access to the device. An attacker would have to disassemble the wallet, open the chip case from the back, and use specialized equipment for laser fault injection.
According to Cyvers , such an attack is extremely unlikely in real-world conditions.
“The security of a hardware wallet cannot be judged solely by whether a single chip can be hacked in a lab,” said Cyvers CEO Deddy Lavid.
According to him, in practice, users are much more likely to lose funds due to phishing, theft of recovery seed phrases, and signing suspicious transactions than because of such hardware vulnerabilities.
