Trezor says Safe 7 funds stay secure after TROPIC01 chip flaw found

Trezor said funds on its Safe 7 hardware wallet remain secure after Ledger’s Donjon security team found a hardware vulnerability in the TROPIC01 secure element chip during an independent audit. The flaw, reported in late January 2026 after Tropic Square provided commercial chip samples for evaluation, was exploited in lab conditions using laser fault injection after physically opening the chip package and targeting the silicon to disrupt signature verification, allowing unauthorized code to run on that specific chip. Tropic Square later found a related attack path that could expose an additional secret tied to the chip’s PIN protection functions. Trezor said the issue cannot be fixed with a software update on existing Safe 7 devices because it is a hardware-level flaw, but added that private keys and wallet backups are not stored on the affected chip, the Safe 7 relies on three independent physical security layers, and users do not need to take action. Exploitation requires physical possession of the device, disassembly, backside decapsulation and specialized laser fault injection equipment. Cyvers said the attack appears highly impractical outside a lab, arguing that phishing, seed phrase theft and blind-signing remain more significant risks for most users.