According to a report by Cryptopolitan on June 4, during an independent audit of Trezor Safe 7 hardware wallets, Ledger’s security research team Donjon used a laser fault injection technique to bypass the signature verification process of its internal TROPIC01 secure element chip. Trezor confirmed that user funds and private keys are not affected.
Laser fault injection attack: confirmed technical method and Donjon’s findings
Donjon’s researchers opened the TROPIC01 chip package and used precise infrared laser irradiation on the silicon to disrupt its signature verification process, allowing it to run unauthorized code on a specific chip.
After receiving Donjon’s investigation results, Tropic Square’s own engineers found a related attack path that could extract another secret associated with the chip’s PIN code protection function. Tropic Square had provided commercial chip samples to Donjon in advance for evaluation. This disclosure followed a responsible vulnerability disclosure process.
Practical exploitation of this vulnerability requires: physical possession of the device, performing physical disassembly, opening the chip package from the back side, and using specialized laser fault injection equipment. Cyvers CEO Deddy Lavid said this kind of attack is “extremely impractical” in real-world applications, and pointed out that for most users, phishing, mnemonic theft, and blind signing are greater threats.
Frequently asked questions
Do existing users of Trezor Safe 7 need to take any immediate action?
According to Trezor’s official statement, existing users do not need to take any action. The vulnerability is located at the TROPIC01 hardware layer and cannot be fixed via software updates, but Tropic Square says it is producing a new version of the chip that will address the issue. Trezor also confirmed that private keys and wallet backups are not stored on affected TROPIC01 chips.
What is special about the TROPIC01 chip, and why is it worth关注?
The TROPIC01 is designed by Tropic Square and is described as the first secure element chip to publicly disclose both the hardware design and firmware source code, featuring an open-source security architecture. Ledger Donjon performed an independent third-party audit. Tropic Square proactively provided commercial chip samples for evaluation. This vulnerability discovery falls under a responsible disclosure process driven by open security research.
Ledger and Trezor are direct competitors—does this audit involve a conflict of interest?
Ledger Donjon is Ledger’s security research division. Ledger and Trezor have a direct competitive relationship in the hardware wallet market. This audit is an authorized assessment project for Tropic Square—Tropic Square proactively provided commercial chip samples to Donjon. Donjon reported the investigation findings to Tropic Square in late January 2026 through an official responsible disclosure process, and the two companies subsequently jointly disclosed the findings to the public.
