Overview
- Researchers at Ledger Donjon uncovered a vulnerability in the TROPIC01 secure element during lab testing that let them extract some chip secrets and bypass firmware signature checks.
- Tropic Square and Trezor publicly disclosed the flaw after coordinated review and said the issue sits at the hardware level of the chip and is not remediable via standard remote firmware updates.
- Trezor says Safe 7 funds remain protected because the device uses three independent security layers across TROPIC01, an OPTIGA Trust M chip, and an STM32U5 microcontroller so a single-chip compromise does not expose private keys or wallet backups.
- Tropic Square later found a related method that could expose a PIN-related secret, but Trezor reported no evidence so far of real-world exploitation and advised users that no immediate action is needed.
- The episode highlights that physical attacks such as laser fault injection need specialized equipment and expertise, underscores limits of remote fixes for chip flaws, and shows value in open, cross-vendor auditing for hardware-wallet security.