Upozorňujeme, že naše blogové články jsou momentálně dostupné pouze v angličtině.
Trezor response: TROPIC01 chip disclosure (no impact to your funds)
Findings: Tropic Square collaboratively provided a TROPIC01 Secure Element chip to the Ledger Donjon team for an independent audit. Ledger Donjon later reported a successful laser fault injection attack against the chip, enabling the extraction of a subset of secrets protected by the chip, which is used in Trezor Safe 7.
Discovery: Building on Donjon's report, Tropic Square’s engineering team identified a complex method to exploit this vulnerability and extract one more secret, affecting TROPIC01's PIN-related functions.
What it means: Your funds are safe. This vulnerability cannot give an attacker access to your PIN, funds or wallet backup in Trezor Safe 7, which has never been hacked.
The response: Users don’t need to take any action. Trezor is disclosing this because of our commitment to radical transparency. We believe our open-source approach makes the whole industry stronger.
We chose to include the world’s first Secure Element chip that anyone can audit, TROPIC01, in our flagship Trezor Safe 7 hardware wallet because long-term self-custody security shouldn’t rely on blind trust.
The chip's open-architecture design allows researchers to proactively look for vulnerabilities, strengthen defenses, and continuously improve security over time.
TROPIC01 chip vulnerability disclosure: what happened
After launching their first chip, Tropic Square agreed with the Ledger Donjon team to evaluate the TROPIC01 chip and identify potential security risks.
Donjon began an audit, and in late January 2026, they informed Tropic Square of a vulnerability discovered in the chip after performing a laser fault-injection attack.
Based on the Ledger Donjon discovery, Tropic Square further identified an attack that enables the running of custom firmware on the chip to extract one more secret, targeting the chip's PIN protection functions.
What does this mean for the Trezor Safe 7?
Your funds remain protected. The vulnerability in one of our Secure Element chips in Trezor Safe 7, which Tropic Square is disclosing, doesn't give access to your funds, neither remotely or with physical possession.
The vulnerability concerns only the TROPIC01 Secure Element chip, one of three physical, independent security layers. Compromising TROPIC01 alone is not enough to give access to the PIN, which is the final layer of protection for your funds.
It also cannot result in tampered Trezor Safe 7 devices with persistent malicious firmware (no supply chain attack threat to Trezor).
The keys to your coins / funds are not stored on the TROPIC01 Secure Element chip, and neither is your wallet backup. This is by design to ensure there is no single point of failure in the device.
How realistic is this attack?
This is a highly professional and complex attack that requires:
- Physical possession of the device
- Disassembly and desoldering (taking the device apart)
- Backside decapsulation (opening device package)
- Specialized, expensive lab equipment
- Deep expertise to find and execute
If this attack occurred, the device would still be secured by two additional layers of physical security. The PIN and wallet backup would remain inaccessible to an attacker.
So, the TROPIC01 chip remains an effective barrier that requires significant time and effort to exploit.
In reality, phishing remains the greatest external threat users should be most cautious about. Good self-custody practices can help prevent avoidable mistakes from becoming costly losses.
Why we’re disclosing this information (what it means for open security)
We’re releasing this news proactively, not because anyone’s funds are at risk, but because this is how open-source security should work. Transparency is non-negotiable.
We don’t believe obscurity = security. Layered, open-source protection helps identify vulnerabilities and strengthens crypto security over time.
Closed systems and NDA-protected Secure Element chips do the opposite, hiding risks behind black-box designs and forcing users to trust what they can’t verify. Without transparency, it may be impossible for users to know whether the technology is at risk because companies cannot disclose any vulnerabilities.
Finding and publishing vulnerabilities can be challenging as a brand, but it makes the industry (and your security) stronger.
We cannot ignore that security is always evolving as technology changes, and only by accepting this reality and sharing findings with the community can we grow and improve.
Response to the findings and what actions you need to take
As this attack targets the hardware, a full firmware fix cannot be applied remotely to the Trezor Safe 7 device, which remains a perfectly safe and secure hardware wallet. Multiple layers of security protect your PIN and funds, even if this attack were executed.
We want to thank both the Ledger Donjon team and Tropic Square for approaching this in an open and professional manner that allows the security community to grow and improve, so that everyone can benefit.
In their commitment to transparency over obscurity, Tropic Square has released a response to the disclosure, which you can read here.
Click here for more details about the TROPIC01 chip and Trezor Safe 7's layered security.
If you have any questions, please reach out to the team here. We will never contact you directly via the phone or ask for your wallet backup.
Frequently asked questions about the TROPIC01 chip vulnerability
Are my funds at risk? Can an attacker access my wallet backup if they have my Trezor Safe 7?
No, the vulnerability concerns only the TROPIC01 Secure Element chip, one of three physical, independent security layers. Compromising TROPIC01 alone is not enough to give access to the PIN, which is the final layer of protection for your funds.
Do I need to take any action?
No action is needed. The vulnerability does not enable a real-world attack that could be used to steal users’ funds, cannot create tampered devices, and does not affect day-to-day use. Your device continues to protect your assets.
Can this vulnerability be fixed?
As this attack targets the chip on the hardware level, a fix cannot be applied remotely with a firmware update for the Trezor Safe 7. The Tropic Square team has been working on a new batch of chips that fixes the reported vulnerability.
What does an attacker actually need to exploit this vulnerability?
The attacker needs physical possession of the device, must tear it apart, desolder TROPIC01, perform a backside decapsulation, and connect it to a custom board. The attack also requires specialized and expensive laboratory equipment, precise positioning tools, measurement equipment, a laser fault-Injection setup, and expert knowledge. This disclosure has proven that even a highly complex attack on one of several layers of security is difficult.
Why are you disclosing this vulnerability when users’ funds are not at risk?
Because that’s how open-source security should work. Users’ funds remain safe, but we are radically transparent because discoveries like this push security standards higher across the industry and give the wider ecosystem lessons it can apply immediately. Unlike closed, black-box alternatives, open development means vulnerabilities are found, disclosed, and turned into progress.
