
Ledger's Donjon team disclosed a laser-based fault injection flaw in Trezor Safe 7's TROPIC01 chip. Trezor says no funds are at risk. The event reshapes cold storage trust calculus.
Ledger's Donjon security research team disclosed a hardware vulnerability in the TROPIC01 chip used by the Trezor Safe 7 hardware wallet. The flaw involves a laser-based fault injection technique that could theoretically extract the device's seed phrase. Trezor responded by stating that no user funds are at risk and that the attack requires physical access, specialized equipment, and direct chip exposure.
The disclosure creates a specific decision point for hardware wallet buyers. The simple read is that a competitor found a flaw in a rival product, and the vendor says it is not exploitable in practice. The better market read is that this event reshapes the trust calculus in the cold storage market, where security reputation is the primary differentiator.
Hardware wallets compete almost entirely on security claims. A vulnerability disclosure from a direct competitor – Ledger – carries weight because Donjon is one of the few independent hardware security labs with a public track record. The TROPIC01 chip is a secure element designed to resist physical tampering. A laser fault injection attack bypasses that protection by glitching the chip's voltage at a precise moment during boot, potentially allowing an attacker to read the seed.
Trezor's counterargument rests on two points. First, the attack requires the device to be physically opened and the chip decapsulated, which destroys the wallet's tamper-evident casing. Second, the attacker needs a laser workstation costing tens of thousands of dollars. For a stolen device, the attacker would also need to bypass the PIN. For a device intercepted in transit, the user would notice the opened casing.
The real market impact is not about an immediate exploit. It is about the security margin that buyers assign to different hardware vendors. Trezor has historically marketed its open-source firmware and transparent design as advantages over Ledger's closed-source secure element approach. This disclosure flips that narrative: Ledger's team found a vulnerability in Trezor's secure element, not in the open-source software layer.
Buyers now face a choice. If the attack is impractical, Trezor's position holds. If the disclosure erodes confidence in the TROPIC01 chip's physical security guarantees, some users may shift to wallets using different secure elements or to multisignature setups that reduce single-device risk. The Trezor Safe 7 launched in late 2024 as a premium model. A chip-level disclosure in its first year of release is a material event for its adoption curve.
The next concrete catalyst is Trezor's response timeline. The company has not announced a firmware patch or hardware revision. If Trezor releases a software-level mitigation that randomizes boot timing or adds additional PIN checks before seed extraction, the practical risk drops further. If no patch arrives, the disclosure becomes a permanent asterisk on the Safe 7's security profile.
For the broader cold storage market, this event reinforces a pattern: hardware wallets are not invulnerable, and physical attacks are a real low-probability threat. The decision for buyers is whether to prioritize physical attack resistance or software transparency. No single device optimizes for both at the highest level. The Trezor Safe 7's chip flaw does not change that tradeoff, though it does make it more visible.
For related context on hardware wallet security and broader crypto market trends, see our crypto market analysis and the Bitcoin (BTC) profile.
Prepared with AlphaScala editorial tooling from the source reporting linked above. Indexable analysis may include a cited Alpha Score value. Publishing checks screen each story before release. Educational coverage, not personalized advice.