Ledger find security flaw in TROPIC01 (Trezor's Safe 7 chip)

Bitcoin Forum

June 04, 2026, 09:26:07 PM

Welcome, Guest. Please login or register.

News: Latest Bitcoin Core release: 31.0 [Torrent]

Home

Help

Bitcoin Forum > Bitcoin > Development & Technical Discussion > Wallet software > Hardware wallets > Ledger find security flaw in TROPIC01 (Trezor's Safe 7 chip)

Pages: [1]

« previous topic next topic »

Author

Topic: Ledger find security flaw in TROPIC01 (Trezor's Safe 7 chip) (Read 69 times)

OmegaStarScream (OP)

Staff
Legendary

Activity: 4228
Merit: 7400

Ledger find security flaw in TROPIC01 (Trezor's Safe 7 chip)

June 03, 2026, 10:14:11 AM
Last edit: June 03, 2026, 10:27:11 AM by OmegaStarScream

Merited by cygan (5), ABCbits (1), dkbit98 (1), Charles-Tim (1)

Quote from: https://www.coindesk.com/tech/2026/06/02/dnp-trezor-says-users-crypto-is-safe-after-ledger-researchers-uncover-chip-flaw

Trezor disclosed a security flaw in the TROPIC01 chip used in its Safe 7 hardware wallet after Ledger's Donjon security team identified a successful laboratory attack, but the company says the vulnerability does not put user funds at risk.

The flaw affects only one of the wallet's multiple security layers and would require physical access, specialized equipment and advanced expertise to exploit, with no evidence of real-world attacks or compromised devices.

And this is the official response from Trezor [1][2].

TLDR; This should not affect the user funds in anyway.

[1] https://trezor.io/blog/news/Trezor-response-TROPIC01-chip-disclosure-no-impact-to-your-funds
[2] https://x.com/Trezor/status/2062113395994738962

b1exch.to

Instant Automated Exchange
.....................No Logs | No registration | No JavaScript .....................

ETH DAI BTC LTC USDT XMR

ACCESS VIA
Tor

███████████▄▀▄▀
█████████▄█▄▀
███████████
███████▄█▀

█▀█
▄▄▀░░██▄▄
▄▀██▄▀██████▄
███▄▀░▄████████
██████████░██████
█░████░██████████
█░█░█░████░██████
█░█░█░██░██████
▀▀▀▄█▄████▀▀▀

Charles-Tim

Legendary

Activity: 2296
Merit: 6388

Leading Crypto Sports Betting & Casino Platform

⇾ Re: Ledger find security flaw in TROPIC01 (Trezor's Safe 7 chip)

June 03, 2026, 10:39:15 AM

The site is making sign-in mandatory and there is error when I want to register an account on the site. No threat because it requires physical attack on the device?

If it is like that, it is the same just as old Trezor model One and model T that did not have the secure element. If it is like that, I still prefer Trezor. It is one still one of the best hardware wallet.

But my preferred hardware wallet are airgapped.

My best cold wallets are the ones I set up myself on an airgapped device.

..^Stake.com..

▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████

Play
Smarter

▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█

Leading Crypto Sports Betting
&&&&& Casino Platform

▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀

..^{PLAY NOW}..

OmegaStarScream (OP)

Staff
Legendary

Activity: 4228
Merit: 7400

Re: Ledger find security flaw in TROPIC01 (Trezor's Safe 7 chip)

June 03, 2026, 10:57:11 AM

Quote from: Charles-Tim on June 03, 2026, 10:39:15 AM

The site is making sign-in mandatory and there is error when I want to register an account on the site. No threat because it requires physical attack on the device?

Yes, I believe you can only read three articles on Coindesk before making an account becomes mandatory now (switching to Incognito should allow you to read it too)

From my understanding, there is "no threat" because the chip with the security flaw is one of MULTIPLE security layers the Safe 7 device has, not because physical access is required. So this flaw (alone) should not put the user's funds at risk.

b1exch.to

Instant Automated Exchange
.....................No Logs | No registration | No JavaScript .....................

ETH DAI BTC LTC USDT XMR

ACCESS VIA
Tor

███████████▄▀▄▀
█████████▄█▄▀
███████████
███████▄█▀

Charles-Tim

Legendary

Activity: 2296
Merit: 6388

Leading Crypto Sports Betting & Casino Platform

Re: Ledger find security flaw in TROPIC01 (Trezor's Safe 7 chip)

June 03, 2026, 11:26:11 AM
Last edit: June 03, 2026, 11:37:41 AM by Charles-Tim

Quote from: OmegaStarScream on June 03, 2026, 10:57:11 AM

Yes, I believe you can only read three articles on Coindesk before making an account becomes mandatory now (switching to Incognito should allow you to read it too)

I have tried it with incognito mode, it is still the same. Probably because I have tried it before. Before I posted that, I cleared my browser cache, but was still the same. Maybe I can try the incognito on a new browser instead to know if it would work.

Quote from: OmegaStarScream on June 03, 2026, 10:57:11 AM

From my understanding, there is "no threat" because the chip with the security flaw is one of MULTIPLE security layers the Safe 7 device has, not because physical access is required. So this flaw (alone) should not put the user's funds at risk.

I have read part of the new links that you posted, I do not even see it as a vulnerability yet unless the 3 security layer has been breached. Laser fault injection attack only affected the TROPIC01 Secure Element chip, but according to Trezor there are two other layers of security that need to be breached before pin and other sensitive information can be known.

So for now, physical attack on the hardware wallet is useless.

..^Stake.com..

Play
Smarter

Leading Crypto Sports Betting
&&&&& Casino Platform

..^{PLAY NOW}..

dkbit98

Legendary

Activity: 2982
Merit: 8701

AntiSwap.io - NO AML/KYC EXCHANGER MONITORING

Re: Ledger find security flaw in TROPIC01 (Trezor's Safe 7 chip)

June 03, 2026, 12:07:34 PM

Donjon team, this is the one good thing in whole ledger team, and I gave them credits many time.
I was just reading the post on both trezor and donjon website, and it was expected for first chip version to have some flaws.
This is one of the reasons why I didn't purchase Trezor Safe 7, it's better to wait until they release updated chip version.

^🛡 ^AntiSwap ^{NO AML/KYC—EXCHANGER MONITORING} ⁹⁰⁰⁺^{^EXCHANGERS} ^BITCOINTALK ^│ ^TELEGRAM

Code:

[center][table][tr][td][font=Arial Black][size=24pt][glow=#222,1][nbsp][url=https://en.antiswap.io/?utm_source=bitcointalk_s3][size=5pt][sup][size=21pt][b][color=#03adfd]🛡[/b][/sup][/size][size=13pt][nbsp][/size][size=5pt][sup][size=18pt][color=#fff]Anti[color=#3b82f6]Swap[/sup][/size][nbsp][nbsp][size=14pt][sup][size=8pt][i][color=#fff]NO[nbsp]AML/KYC—EXCHANGER[nbsp]MONITORING[/sup][/size][nbsp][nbsp][size=6pt][sup][size=16pt][glow=#03adfd,1][nbsp][font=Impact][color=#fff]900+[/font][nbsp][/glow][/size][/sup][/size][size=6pt][sup][size=16pt][glow=#3b82f6,1][nbsp][size=8pt][sup][size=8pt][color=#fff]EXCHANGERS[/size][/sup][/size][nbsp][/glow][/size][/sup][/size][/url][nbsp][nbsp][font=Arial][b][size=14pt][sup][size=8pt][url=https://bitcointalk.org/index.php?topic=5568680.msg66184227#msg66184227][color=#fff]BITCOINTALK[/url][/size][/sup][/size][/font][nbsp][size=9pt][sup][size=18pt][color=#3b82f6]│[/size][/sup][/size][nbsp][font=Arial][b][size=14pt][sup][size=8pt][url=https://t.me/+qGCCD6ncnctiZTli][color=#fff]TELEGRAM[/url][/size][/sup][/size][/font][nbsp][nbsp][/td][/tr][/table][/center]

ABCbits

Legendary

Activity: 3626
Merit: 10082

Re: Ledger find security flaw in TROPIC01 (Trezor's Safe 7 chip)

Today at 08:53:00 AM

Quote from: Charles-Tim on June 03, 2026, 10:39:15 AM

The site is making sign-in mandatory and there is error when I want to register an account on the site. No threat because it requires physical attack on the device?

You may want to see the article written by Ledger Donjon on https://donjon.ledger.com/blog/tropic01-laser-fault-injection/.

Quote from: https://donjon.ledger.com/blog/tropic01-laser-fault-injection/

When a laser pulse hits SPECT logic during execution, it (often) corrupts the computation, causing the (otherwise valid) signature verification to fail. But the chip itself, and in particular the main CPU, does not crash — it simply reports a verification failure and continues operating. By scanning across the die and recording which positions caused failures, we built a map of the SPECT logic location.

There are many reason it's difficult to reproduce, but personally i believe this part is most tricky to execute.

.
.^{Duelbits PREDICT}..

.
.^{WHERE EVERYTHING IS A MARKET}..

█████
██
██

██
██
██████

Will Bitcoin hit $200,000
before January 1st 2027?
^No @1.15 ^Yes @6.00

█████
██
██

██
██
██████

^{CHECK MORE >}

cygan

Legendary

Activity: 3906
Merit: 12489

icarus-cards.eu

Re: Ledger find security flaw in TROPIC01 (Trezor's Safe 7 chip)

Today at 09:20:42 AM

to exploit this flaw, an attacker would have to bypass all security measures simultaneously in order to access the sensitive wallet data.
this would make the attack extremely difficult, and the attacker would have to:

have physical access to the device
completely disassemble the hardware
open the chip housing
and much more

.
^Jackpot ter ..... ^{COMMUNITY POWERED CRYPTO CASINO}

^PLAY NOW

Pages: [1]

Bitcoin Forum > Bitcoin > Development & Technical Discussion > Wallet software > Hardware wallets > Ledger find security flaw in TROPIC01 (Trezor's Safe 7 chip)

« previous topic next topic »

Jump to: