Hardware wallet maker Trezor acknowledged on June 3 that there is a security vulnerability in TROPIC01, the chip built into its latest Safe 7 wallet model, but assured users that their funds remain protected and there is no need to take any action.
Through a statement, The company explained that the flaw was discovered during an independent audit. It also affects only one of the device’s multiple layers of defense without compromising private keys or backups.
This discovery arose from tests conducted by Donjon. Ledger’s security research team was able to bypass some of the chip’s protections in a laboratory environment using specialized tools.
Following this discovery, Tropic Square, Trezor’s sister company and developer of TROPIC01, identified a weakness that could potentially expose additional information stored in the component. Still, Tresor argued that this situation does not open the door to accessing funds.
The company emphasized that Safe 7 does not rely on a single element to protect assets, but instead relies on a multi-layered security scheme. Therefore, a partial chip failure is not enough to take control of your wallet.
On top of that, The exploitation scenario described by the company requires an attacker to have a device in their hands.even more expensive equipment and advanced technical knowledge greatly reduce the risk for most users.
Trezor also revealed that there is no evidence of real-world malicious use or devices being compromised with this vulnerability. In that sense, the company claimed that customers do not need to move funds, change settings or take any urgent action.
Danny S., director of communications at Trezor, said:
However, he said: “This is how technology really gets stronger over time. It may be scary to hear about vulnerabilities, but your funds are completely safe.”
Therefore, he reiterated that there is no evidence of actual exploitation or affected users and defended the practice of publicly disclosing vulnerabilities.
The company assured its position of disclosing failures in a transparent manner. That should be the model the industry followsbecause it strengthens security across the industry.
According to Trezor, the core idea is: Admitting weakness does not weaken confidenceHowever, it can be strengthened once the actual scope of the problem is clearly explained. However, the findings highlight the security of self-custody devices and the need for continuous auditing, even between rival companies.
The main message for users is reassurance that there is no sign of theft, private keys being compromised, or backup copies compromised. nevertheless, This episode reminds us that hardware wallet security doesn’t just depend on the device.as well as physical controls, protection of recovery phrases, and management of sensitive information.
