Trezor and chip designer Tropic Square have disclosed a security flaw in the TROPIC01 integrated circuit. The vulnerability was uncovered during a security audit led by Ledger Donjon, the hardware security team of rival wallet maker Ledger. Trezor says its Safe 7 wallet and user funds are not at risk despite the issue.
The vulnerability discovery
Ledger Donjon’s audit identified a weakness in the TROPIC01 chip, a component used in certain hardware wallets. Neither Trezor nor Tropic Square has detailed the exact nature of the flaw, but the disclosure confirms it exists. The audit was part of a routine review of the chip’s security before broader deployment.
What Trezor says about the Safe 7
Trezor was quick to reassure users. The company stated that the Safe 7 wallet — which relies on the TROPIC01 chip — remains secure. User funds are not exposed, and no action is required from owners. Trezor did not specify whether a firmware update or other mitigation is planned, only that the vulnerability does not affect the wallet’s current operation.
The chip’s role and next steps
TROPIC01 is an open-source security chip developed by Tropic Square, a Czech company that works closely with Trezor. The chip is designed to provide a verifiable, transparent hardware root of trust. While the discovered flaw doesn’t impact the Safe 7, it raises questions about future products that might use the chip. Tropic Square has not announced a timeline for a fix or a revised version of TROPIC01.
For now, Trezor and Tropic Square have shared only the bare minimum — a vulnerability exists, but it’s contained. Users can keep using their Safe 7 wallets as normal. The full technical details of the flaw remain under wraps, likely until a patch or a new chip revision is ready.
