Hardware wallet maker Trezor has disclosed a security vulnerability affecting a key component used in its new Safe 7 device. However, the company insists the flaw does not endanger users’ funds or wallet access.
The issue was uncovered during an independent security audit conducted by Ledger Donjon, the research team of rival hardware wallet manufacturer Ledger. The vulnerability affects the TROPIC01 Secure Element chip developed by chipmaker Tropic Square, one of the security layers integrated into the Trezor Safe 7 hardware wallet.
Tropic Square disclosed a vulnerability in the TROPIC01 Secure Element chip used in Trezor Safe 7. It has been identified based on findings from the Ledger Donjon team’s independent audit.
Important: Your funds remain safe and secure. Trezor Safe 7 has not been hacked, and you…
— Trezor (@Trezor) June 3, 2026
According to Trezor, the flaw impacts only one of the device’s three independent security protections, making it insufficient on its own to compromise a user’s wallet, PIN, or crypto holdings.
Ledger researchers expose weakness in secure element chip
In January 2026, Ledger Donjon researchers informed Tropic Square that they had successfully performed a laser fault injection attack on the chip under laboratory conditions. The attack reportedly enabled them to extract certain secrets stored within the component and bypass firmware signature verification.
Following the report, Tropic Square engineers conducted additional investigations and identified another potential exploitation path that could expose a separate secret linked to the chip’s PIN-related functions.
The company subsequently informed its partners, including Trezor, and decided to disclose the findings publicly alongside Ledger Donjon’s research.
Trezor says wallet security remains intact
Despite the disclosure, Trezor stressed that users do not need to take any action.
The company said compromising the TROPIC01 chip alone is not enough to gain access to the Safe 7 wallet or reveal a user’s PIN. As a result, customer funds remain protected by the device’s broader security architecture.
Because the vulnerability exists at the hardware level, it cannot be resolved through a firmware or software update.
“Because the Trezor Safe 7 was built with multiple independent security layers, a vulnerability in TROPIC01 does not put user funds at risk,”
Trezor CEO said.
Security disclosure highlights industry collaboration
The incident offers a rare look into how hardware wallet manufacturers handle security flaws and work with independent researchers to test crypto custody products.
Trezor noted that Ledger Donjon has previously published research on its devices. One earlier report examined the Trezor Safe 3 and demonstrated a highly complex attack involving physical interception and modification of a device before it reached customers.
While no Trezor wallet has been compromised through the newly disclosed flaw, the company said it continues to strengthen protections against increasingly sophisticated attack methods as the hardware wallet industry faces growing security scrutiny.
Enjoyed this? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads and CoinMarketCap Community for seamless access to high-quality industry insights
Take control of your crypto portfolio with DEFI PLANET PRO, DeFi Planet’s suite of analytics tools.
