coin-img-ETHETH-2.59%coin-img-BTCBTC-3.92%coin-img-SOLSOL-3.20%coin-img-XRPXRP-0.97%coin-img-USDCUSDC+0.00%coin-img-NEARNEAR+5.90%coin-img-HYPEHYPE+7.36%coin-img-TONCOINTONCOIN-3.03%coin-img-ETHETH-2.59%coin-img-BTCBTC-3.92%coin-img-SOLSOL-3.20%coin-img-XRPXRP-0.97%coin-img-USDCUSDC+0.00%coin-img-NEARNEAR+5.90%coin-img-HYPEHYPE+7.36%coin-img-TONCOINTONCOIN-3.03%coin-img-ETHETH-2.59%coin-img-BTCBTC-3.92%coin-img-SOLSOL-3.20%coin-img-XRPXRP-0.97%coin-img-USDCUSDC+0.00%coin-img-NEARNEAR+5.90%coin-img-HYPEHYPE+7.36%coin-img-TONCOINTONCOIN-3.03%coin-img-ETHETH-2.59%coin-img-BTCBTC-3.92%coin-img-SOLSOL-3.20%coin-img-XRPXRP-0.97%coin-img-USDCUSDC+0.00%coin-img-NEARNEAR+5.90%coin-img-HYPEHYPE+7.36%coin-img-TONCOINTONCOIN-3.03%

Trezor Discloses TROPIC01 Hardware Flaw; Says Safe 7 Funds Are Not at Risk

Trezor and semiconductor developer Tropic Square have disclosed a hardware vulnerability affecting the TROPIC01 secure element after Ledger Donjon, Ledger's white-hat security team, identified an exploit during a controlled laboratory audit. Trezor said the issue does not endanger Safe 7 wallets or user funds. Ledger Donjon reported in January 2026 that it was able to carry out a laser fault-injection attack against TROPIC01 in lab conditions. Researchers said the technique allowed them to extract certain chip secrets and bypass firmware signature checks. Tropic Square later found an additional exploitation method that could reveal another secret linked to PIN-related functions. Because the weakness is at the hardware level, it cannot be resolved through a standard remote firmware update. Trezor said Safe 7 was designed with three independent security layers, and the vulnerability affects only one of them. The device combines TROPIC01 with OPTIGA Trust M and an STM32U5 microcontroller, separating duties such as PIN verification, device authenticity, and wallet creation. Trezor and Tropic Square said a compromise of TROPIC01 alone does not provide access to PINs, wallets, or funds. "Because the Trezor Safe 7 was built with multiple independent security layers, a vulnerability in TROPIC01 does not put user funds at risk," CEO Matej Žák said. Trezor added that users do not need to take any action. The disclosure offers an unusual level of transparency into cross-vendor security testing in the hardware wallet market. Ledger Donjon has previously audited Trezor devices and published research on physical attack vectors. Tropic Square markets TROPIC01 as an "open and auditable" secure element, aiming to enable broader scrutiny of hardware that is often evaluated under NDA. The episode reinforces that open testing can surface weaknesses before malicious actors do, and that real-world device security depends on the overall architecture rather than any single component. Chip-level vulnerabilities remain a key risk for custody devices. Recent reports have also flagged physical-attack exposure in products using chips such as the ESP32 and various microcontrollers. User guidance remains unchanged: purchase hardware wallets only from official channels, keep firmware updated, store recovery phrases offline and safeguard them carefully, and avoid devices that show signs of physical tampering. Trezor and Tropic Square said they chose public disclosure after reviewing Ledger Donjon's findings, highlighting the role of independent audits and layered security in modern hardware wallets.
SAFE
SAFE-2.01%
Avvertenza: Il contenuto sopra riportato rappresenta esclusivamente l'opinione dell'autore e non riflette la posizione di BingX. Non deve essere interpretato come un consiglio di investimento da parte di BingX. Per ulteriori dettagli, consultare i Termini e condizioni.