The Ledger security team disclosed hardware vulnerabilities in the chip used by Trezor Safe 7, and Trezor claims user funds are safe

According to The Block, the Donjon security team under Ledger has bypassed the firmware verification mechanism of the TROPIC01 chip used in the Trezor Safe 7 through precise laser attacks in a laboratory environment, allowing unauthorized firmware to be loaded as long as the attacker possesses the physical device.

Chip manufacturer Tropic Square further discovered that there are additional attack vectors in the MAC-and-Destroy security mechanism used for PIN verification on this chip, but details will not be disclosed until the enhanced version of the chip is launched at the end of 2026.

Trezor stated that the PIN, mnemonic backup, and private keys have never been stored on a single chip, and they have notified partners, so ordinary users do not need to take action. Currently, the feasibility of attacks can be reduced by disabling the chip's MAINTENANCE mode.