{"id":30566,"date":"2026-06-03T10:43:23","date_gmt":"2026-06-03T10:43:23","guid":{"rendered":"https:\/\/bitunikey.com\/news\/trezor-says-safe-7-funds-are-safe-after-ledger-finds-chip-flaw\/"},"modified":"2026-06-03T10:43:31","modified_gmt":"2026-06-03T10:43:31","slug":"trezor-says-safe-7-funds-are-safe-after-ledger-finds-chip-flaw","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/trezor-says-safe-7-funds-are-safe-after-ledger-finds-chip-flaw\/","title":{"rendered":"Trezor says Safe 7 funds are safe after Ledger finds chip flaw"},"content":{"rendered":"<p><\/p>\n<div class=\"post-detail__content blocks\">\n<p><strong>Trezor and Tropic Square have disclosed a TROPIC01 chip flaw found by Ledger Donjon, but said the Trezor Safe 7 wallet and user funds remain secure.<\/strong><\/p>\n<div id=\"cn-block-summary-block_70fbeb068708c0b69285539c768f585e\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Trezor says Safe 7 user funds remain safe because three hardware layers protect wallet access.<\/li>\n<li>Ledger Donjon found the TROPIC01 flaw during lab tests using laser fault injection techniques.<\/li>\n<li>Tropic Square disclosed the flaw publicly and said the chip issue needs physical lab access.<\/li>\n<\/ul><\/div>\n<\/div>\n<p><!-- .cn-block-summary --><\/p>\n<p>The vulnerability was found during an independent audit of the TROPIC01 Secure Element chip. Ledger Donjon, the white-hat research team at rival hardware wallet maker Ledger, carried out the review.<\/p>\n<p>Tropic Square gave the chip to Ledger Donjon for testing. Trezor said the flaw affects one of three independent security layers inside the Safe 7 wallet.<\/p>\n<p>According to the <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/trezor.io\/blog\/news\/Trezor-response-TROPIC01-chip-disclosure-no-impact-to-your-funds\" target=\"_blank\" rel=\"nofollow\">disclosure<\/a>, Ledger Donjon told Tropic Square in January 2026 that it had carried out a laser fault injection attack under lab conditions. The attack allowed researchers to extract some chip secrets and bypass firmware signature checks.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-x wp-block-embed-x\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Tropic Square disclosed a vulnerability in the TROPIC01 Secure Element chip used in Trezor Safe 7. It has been identified based on findings from the Ledger Donjon team&#8217;s independent audit.<\/p>\n<p>Important: Your funds remain safe and secure. Trezor Safe 7 has not been hacked, and you\u2026<\/p>\n<p>\u2014 Trezor (@Trezor) <a rel=\"nofollow\" target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/x.com\/Trezor\/status\/2062113395994738962?ref_src=twsrc%5Etfw\">June 3, 2026<\/a><\/p><\/blockquote>\n<\/div>\n<\/figure>\n<p>Tropic Square later found another way to use the same weakness. That method could expose another secret tied to PIN-related chip functions.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p>\n<h2 class=\"wp-block-heading\"><strong>Trezor says funds remain protected<\/strong><\/h2>\n<p>Trezor <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/trezor.io\/guides\/trezor-devices\/trezor-safe-7\/how-trezor-safe-7-s-three-hardware-layers-protect-your-wallet\" target=\"_blank\" rel=\"nofollow\">said<\/a> users do not need to take action. The company said a compromise of TROPIC01 alone does not give access to a user\u2019s PIN, wallet or funds.<\/p>\n<p>\u201cBecause the Trezor Safe 7 was built with multiple independent security layers, a vulnerability in TROPIC01 does not put user funds at risk,\u201d Trezor CEO Matej \u017d\u00e1k said.<\/p>\n<p>The issue sits at the hardware level, so it cannot be fixed through a normal remote firmware update. Trezor and Tropic Square still chose public disclosure after reviewing Ledger Donjon\u2019s findings.<\/p>\n<p>The Safe 7 uses TROPIC01 with two other chips. Its design combines TROPIC01, OPTIGA Trust M and STM32U5 to protect PIN checks, device authenticity and wallet creation.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Hardware wallet audits remain in focus<\/strong><\/h2>\n<p>The disclosure gives a rare public view of rival security testing in the hardware wallet market. Ledger Donjon has previously reviewed Trezor devices and published research on physical attack routes.<\/p>\n<p>As previously reported by crypto.news, Ledger Donjon earlier said Trezor Safe devices still faced physical attack risks linked to microcontroller use. Trezor said at the time that user funds remained safe when devices came from official sources.<\/p>\n<p>Separate crypto.news coverage also warned that some hardware wallets using ESP32 chips faced private key theft risks. That report showed that chip-level flaws remain a key security concern for crypto custody devices.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Open security model faces real tests<\/strong><\/h2>\n<p>Tropic Square markets TROPIC01 as an open and auditable secure element. The company says the chip lets researchers inspect and test hardware that would often remain closed under non-disclosure terms.<\/p>\n<p>The new flaw shows that open testing can reveal weaknesses before attackers do. It also shows that hardware wallet security depends on full device design, not only one chip.<\/p>\n<p>For users, the main guidance remains simple. They should buy devices from official channels, keep firmware updated, protect recovery phrases offline and avoid using any wallet that shows signs of tampering.<\/p>\n<p>    <!-- .cn-block-related-link --><\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Trezor and Tropic Square have disclosed a TROPIC01 chip flaw found by Ledger Donjon, but said the Trezor Safe 7 wallet and user funds remain secure. Summary Trezor says Safe&hellip;<\/p>\n","protected":false},"author":1,"featured_media":30567,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-30566","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/30566","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=30566"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/30566\/revisions"}],"predecessor-version":[{"id":30568,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/30566\/revisions\/30568"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/30567"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=30566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=30566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=30566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}