Trezor discloses chip flaw after Ledger audit, says user crypto remains secure
In brief
- Trezor Safe 7 contains TROPIC01 chip flaw discovered by Ledger's Donjon independent audit team.
- Vulnerability requires physical device access, specialized lab equipment, and advanced expertise to exploit.
- User crypto, private keys, and wallet backups remain secure with no real-world exploitation evidence.
The flaw and its discovery
Ledger's Donjon used specialized laboratory equipment to bypass some of the chip's protections. Tropic Square later identified a related weakness that could expose additional information stored on the chip.
The disclosure stems from collaboration between two of the hardware wallet industry's biggest rivals. It's an unusual partnership, one that underscores how serious both firms take security research and industry-wide transparency.
Why this matters less than it sounds
The Safe 7 relies on multiple layers of security rather than a single chip. This architecture means the flaw affects only one defense mechanism among many. An attacker would need physical possession of a device, expensive lab equipment and advanced technical expertise to attempt the attack.
There is no evidence the flaw has been exploited in the real world. Trezor's message to customers is straightforward: your funds are safe, and you don't need to do anything.
A model for the industry
Matej Žák, CEO of Trezor, framed the disclosure as a positive. The open process by which this vulnerability was found, examined, and disclosed is the model the industry should hold itself to — that's the kind of transparency that builds trust, not erodes it.
