TL;DR:
- Trezor revealed a flaw in the TROPIC01 chip of its Safe 7 wallet, detected by Ledger’s Donjon security research team.
- The vulnerability does not expose private keys or funds: exploiting it requires physical access, costly lab equipment and advanced technical expertise.
- There is no evidence of real attacks or compromised devices; Trezor states that user funds are safe.
Trezor disclosed that a security vulnerability was detected in the TROPIC01 chip, the core component of its new hardware wallet Safe 7, after the Donjon research team, belonging to its main competitor Ledger, managed to bypass some of the chip’s protections using specialized laboratory equipment. The company was emphatic in clarifying that user funds are not at risk and that no action is required on their part.
The affected chip was developed by Tropic Square, a sister company of Trezor. After learning of Donjon’s findings, Tropic Square also identified a related weakness that could expose additional information stored in the chip. However, Trezor noted that this flaw does not allow an attacker to access cryptocurrencies, private keys or wallet backups, given that the Safe 7 operates on multiple security layers and does not rely on a single component.
We built TROPIC01 to find its limits.
Today we're publishing a Security Advisory on a hardware vulnerability discovered during an independent audit by the Ledger Donjon team – alongside the deeper findings our engineers made as a result.
What was found:
👉️ During their… pic.twitter.com/mkSB957X7o— Tropic Square 🌴🔲 (@tropicsquare) June 3, 2026
Trezor’s Wallet Remains Secure: Physical Access, Lab Equipment and Expertise
To attempt to exploit the vulnerability, an attacker would need to have the device physically in hand, possess costly laboratory equipment and an advanced level of technical expertise. Trezor confirmed there is no evidence that the flaw has been exploited in the real world or that any devices have been compromised to date.
The disclosure has one aspect that sets it apart from the usual cycle of patches and alerts: it emerged from a collaboration between two of the largest rivals in the hardware wallet segment. Trezor acknowledged that Ledger‘s findings were decisive in identifying the problem and defended transparency as the industry’s guiding principle.
Matej Žák, CEO of the company, stated in the official release: “I believe the open process by which this vulnerability was found, examined and disclosed is the model the industry should adopt as standard.”
The case also highlights both the strength of the Safe 7’s layered security approach and the value of technical collaboration between competitors to strengthen the custody infrastructure for crypto assets.
