
Ledger Donjon found a TROPIC01 chip flaw in Trezor Safe 3, 5, and 7. No funds stolen, but the attack surface for physical custody users just widened.
Trezor disclosed a vulnerability in the TROPIC01 Secure Element chip, the hardware root of trust used in its flagship Trezor Safe 3, Safe 5, and upcoming Safe 7 devices. The flaw was identified during an audit performed by Ledger Donjon, Ledger's in-house security research team. Trezor states that no user funds, private keys, or seed phrases have been compromised. Exploitation would require physical possession of the device combined with advanced lab equipment.
The disclosure is unusual because it names a competitor's security team as the discoverer. Ledger Donjon, which is publicly known for breaking hardware wallet security models, found that an attacker with physical access could potentially extract the chip's secret key material. Trezor's response was to issue a firmware patch and to redesign future chips, rather than to recall existing devices.
Hardware wallets compete primarily on two dimensions: user experience and security assurance. A disclosed chip-level vulnerability changes the calculation for anyone choosing between a Trezor device and a competitor such as Ledger or Keystone. The naive read is "no funds stolen, no problem." The better market read is that the attack surface has expanded for three classes of users: high-net-worth holders with physical custody risks, institutional custodians who rely on secure-element certification, and secondary-market buyers of used devices.
For the first group, the vulnerability only matters if an attacker gains physical access to the device. That is the same threat model that hardware wallets are designed to guard against. The TROPIC01 flaw closes the gap between a stolen device and a drained wallet more than previously understood. For the second group, compliance teams at funds and exchanges that mandate FIPS 140-2 or Common Criteria EAL certifications may need to reassess whether Trezor devices meet their security policy requirements.
The disclosure from Ledger Donjon adds a layer of market nuance. Ledger and Trezor are the two largest hardware wallet manufacturers by market share. Ledger has faced its own controversies – a data breach in 2020 and criticism over its Ledger Recover key-backup service. Its security research team has now demonstrated the ability to find a hardware flaw in a rival's flagship chip. This creates a narrative shift in the security marketing battle: Ledger can claim its security team found a flaw that Trezor's own internal testing missed. Trezor can claim it handled the disclosure transparently and fixed the issue before any exploit occurred.
For buyers, the takeaway is that no hardware wallet is immune to chip-level vulnerabilities. The difference between a security incident and a PR problem often comes down to patch velocity and disclosure policy. Trezor pushed a firmware fix and committed to a chip redesign for future Safe 7 batches. The timeline for that redesign will matter: if Trezor ships Safe 7 units with the flaw still present while claiming a fix, trust erosion accelerates.
The next catalyst to watch is the Trezor Safe 7 launch date and chip specification. If Safe 7 ships with a different secure element or with a public attestation of a redesigned TROPIC01, the current vulnerability becomes historical. If Trezor launches Safe 7 without addressing the chip flaw, the market will price in additional physical attack risk for the entire Safe lineup.
Prepared with AlphaScala editorial tooling from the source reporting linked above. Indexable analysis may include a cited Alpha Score value. Publishing checks screen each story before release. Educational coverage, not personalized advice.