Trezor and Tropic Square reveal a vulnerability in the TROPIC01 chip: no risk to users’ funds

On June 3, 2026, Trezor and Tropic Square publicly announced the discovery of a vulnerability in the TROPIC01 chip, used in the Trezor Safe 7 hardware wallet. This disclosure was made in collaboration with the Ledger Donjon research team, underscoring the companies’ commitment to transparency and user security.

Despite the discovery, Trezor Safe 7 users’ funds remain safe and no action is required from device owners. The vulnerability affects only one of the three physical security layers present in the device, confirming the effectiveness of the layered architecture adopted by Trezor.

Details of the vulnerability: a sophisticated and impractical attack

The context of the discovery

After the launch of the first TROPIC01 chip in mid-2025, Tropic Square involved the Ledger Donjon security team to subject the chip to an independent evaluation. In January 2026, Ledger Donjon informed Tropic Square that it had successfully carried out a Laser Fault Injection attack under highly specific laboratory conditions, managing to bypass the firmware signature verification.

Based on this discovery, Tropic Square’s engineering team identified an additional complex method to exploit the vulnerability, which allows the extraction of another secret related to the PIN functions of the TROPIC01 chip. All partners, including Trezor, were informed and the vulnerability was made public in a coordinated manner.

Limited impact: the multi-layer security of Trezor Safe 7

The vulnerability affects only the TROPIC01 chip, one of the three physical and independent security layers of the Trezor Safe 7. Compromising only TROPIC01 does not allow access to the PIN, which represents the final barrier protecting users’ funds. In addition, private keys and the wallet backup are not stored on the TROPIC01 chip, but are distributed across different components, thereby eliminating any single point of failure.

The described attack requires physical possession of the device, specialized laboratory equipment, and high-level expertise. There is no evidence of real-world exploitation of this vulnerability, and Trezor Safe 7 has never been breached.

What this means for Trezor Safe 7 users

No action required: security remains intact

For users, the discovery entails no practical risk and requires no action. The vulnerability is at the hardware level and cannot be fixed via remote firmware updates. However, because of the device’s layered design, a flaw in a single chip does not compromise overall security.

In the real world, phishing remains the main threat for those who self-custody their assets. A vulnerability that requires physical access and advanced tools does not represent a concrete risk for the vast majority of users.

Words from Matej Žák, CEO of Trezor

Matej Žák, CEO of Trezor, emphasized that the decision to integrate TROPIC01 — an open-source and verifiable chip — was made precisely to ensure maximum transparency and security. The device was designed with multiple independent security layers, ensuring that no single component can represent a critical point of vulnerability.

Žák highlighted the importance of coordinated disclosure and collaboration between companies to strengthen the entire sector. “The PIN, backup, and keys to users’ funds are never entrusted to a single chip. This is the result of a deliberate and transparent design,” he stated.

Why Trezor chooses transparency

An open-source security model

Trezor chose to publish this disclosure not because funds are at risk, but to promote a security model based on transparency. The company rejects the idea that security comes from obscurity: closed systems and chips protected by NDAs hide risks behind opaque designs, forcing users to blindly trust what they cannot verify.

Transparency allows users to be informed and aware of the real security conditions of their devices. Finding and publishing vulnerabilities can be uncomfortable for a brand, but it is what makes the ecosystem more robust and reliable.

Security evolution: a shared responsibility

Security evolves alongside technology. The only way to keep up is to share discoveries openly with the community. Today’s disclosure fits into this logic, giving everyone the opportunity to understand and assess risks, even if they are purely theoretical.

For those who wish to learn more, the full technical advisory is available on the Tropic Square blog.

Trezor: pioneers of self-custody

Founded in 2013, Trezor invented the concept of the hardware wallet and is today the most trusted name in self-custody, with over 2 million users worldwide. The company develops open-source security tools that give users full control over their digital assets. The Trezor Safe 7 is the company’s flagship product, designed to offer the highest level of protection and transparency.

In summary, although the TROPIC01 chip vulnerability is technically significant, it does not compromise the security of Trezor Safe 7 users’ funds. The transparent and collaborative approach adopted by Trezor and Tropic Square represents a virtuous model for the entire digital security industry.
