An audit by the Ledger Donjon team identified a flaw in the Secure Element chip of the Trezor Safe 7 wallet: exploiting it requires physical access and specialized equipment.
Trezor has publicly disclosed the existence of a vulnerability in its flagship hardware wallet, the Safe 7, clarifying that users’ funds “remain protected” due to the nature of the exploit. The flaw was discovered during an independent security audit conducted by the Ledger Donjon team, which reported a “laser fault injection” attack against the TROPIC01 Secure Element chip.
The attack allows a malicious actor to extract one of the three “secrets” that protect the user’s PIN, effectively reducing the three physical layers of protection to two. As Trezor’s official blog states: “The vulnerability only affects the TROPIC01 Secure Element chip, one of three independent physical security layers. Compromising TROPIC01 alone is not sufficient to access the PIN, which is the final layer of protection for funds”. Trezor also adds that the flaw “cannot result in Trezor Safe 7 devices being tampered with persistent malicious firmware”.
To exploit the vulnerability, according to Trezor, an attacker must physically possess the wallet, disassemble it, and use specialized laboratory equipment. For this reason, the company still defines the TROPIC01 chip as an “effective barrier” of protection that “requires significant time and effort to exploit”. Blockchain security firm Cyvers confirmed Trezor’s assessment, stating that the attack appears “highly impractical”.
A critical aspect of the situation is that, as a hardware-level vulnerability, it cannot be fixed through a firmware update. Users’ private keys, however, are not stored in the TROPIC01 chip, which further limits the concrete risk to funds.
Deddy Lavid, CEO of Cyvers, offered a broader perspective on the topic of hardware wallet security, telling Decrypt: “The security of a hardware wallet should not be evaluated solely on whether a chip can be attacked in a lab. For most users, the far greater risk is still phishing, seed phrase theft, malicious dApps, and blind-signed transactions they don’t fully understand”.
