Trezor says your crypto is safe after Ledger audit exposes a hardware flaw

Hardware wallet maker Trezor disclosed a security flaw in a chip used in its new Safe 7 device but said customers’ crypto remains secure and no action is needed.

The issue affects “TROPIC01,” a security chip developed by Trezor sister company Tropic Square. The flaw was uncovered during an independent audit by Ledger’s security research team, Donjon, which used specialized laboratory equipment to bypass some of the chip’s protections, according to an emailed announcement Wednesday.

Tropic Square later identified a related weakness that could expose additional information stored on the chip. However, Trezor said the vulnerability does not give attackers access to users’ crypto holdings, private keys or wallet backups because the Safe 7 relies on multiple layers of security rather than a single chip.

An attacker would need physical possession of a device, expensive lab equipment and advanced technical expertise to attempt the attack. There is no evidence the flaw has been exploited in the real world, Trezor said.

The disclosure stems from a collaboration between two of the hardware wallet industry’s biggest rivals. Trezor said Ledger’s findings helped identify the vulnerability and argued that openly disclosing security issues makes the broader crypto ecosystem safer.

“I believe the open process by which this vulnerability was found, examined, and disclosed is the model the industry should hold itself to,” Matej Žák, CEO of Trezor, said in the announcement.

Read more: Trezor Unveils New Hardware Wallets, Corrosion-Resistant ‘Keep Metal’ for Recovery