Ledger Donjon, the security research team known for its work on crypto hardware, has uncovered a vulnerability in the TROPIC01 chip that powers the Trezor Safe 7 hardware wallet. The finding, disclosed Thursday, raises questions about the chip’s integrity — but Trezor is pushing back, saying user funds are protected by additional layers of the device’s design.
How the flaw was found
The flaw was discovered by Ledger Donjon during what it described as a routine security assessment of the TROPIC01 secure element. The chip, developed by STMicroelectronics, is used in Trezor’s latest flagship wallet, the Safe 7, which launched last year. While Ledger Donjon hasn't publicly detailed the exact nature of the vulnerability, it confirmed that the issue resides at the chip level and could theoretically be exploited under specific conditions.
The team notified Trezor before going public, a standard practice in responsible disclosure. Neither Ledger nor Trezor has said whether the vulnerability has been exploited in the wild.
Why Trezor says it’s not a crisis
Trezor responded quickly, issuing a statement that emphasized the wallet’s layered security architecture. The company said that even if an attacker gained access to the chip, the private keys — the critical data that controls cryptocurrency — remain protected by software-based safeguards and the device’s overall design. “User funds are not at risk,” the company said, pointing to the multi-factor authentication and encrypted storage that sit above the chip.
That argument isn’t new in the hardware wallet space. Manufacturers often treat secure elements as one component in a broader security model, not the only line of defense. Trezor’s claim that the flaw is contained rests on the assumption that no single point of failure can compromise the whole system.
What this means for Safe 7 owners
For now, the practical risk appears low. Trezor has not pushed a firmware update specifically to address the TROPIC01 issue, and the company hasn’t issued a recall. Owners of the Safe 7 are advised to keep their devices updated with the latest firmware and to follow standard security practices — like never sharing recovery seeds and only using the wallet with trusted computers.
Still, the disclosure puts Trezor in an awkward position. Ledger Donjon is a direct competitor’s research arm; Ledger and Trezor are the two dominant brands in hardware wallets. The discovery fuels an ongoing debate over whether closed-source secure elements (which both companies use) are more secure than open-source alternatives.
Trezor has long marketed its products as more transparent because its software is fully open-source. The TROPIC01 chip, however, is not. Critics argue that without public scrutiny of the chip itself, vulnerabilities like this one can lurk for years.
The unresolved question
Ledger Donjon hasn’t released a full technical breakdown of the vulnerability, making it hard for independent researchers to verify Trezor’s safety claims. The company says it will publish more details after Trezor releases a mitigation — but no timeline has been set. Until then, Safe 7 users are left with the company’s word that their crypto is safe.
