Trezor: Safe 7 Chip Flaw Won’t Let Attackers Steal Funds
Trezor says a Safe 7 secure-element weakness flagged by Ledger cannot be used to remotely drain wallets and needs physical tampering.
Trezor responded to recent Ledger research that flagged a vulnerability in the Safe 7 secure element, saying the flaw cannot be used to remotely drain wallets or bypass the device’s protections. Ledger warned that some implementations of the chip may be vulnerable to physical attacks that could extract secret material.
Trezor said the issue is at the chip level and not in its firmware or wallet architecture, and that its device design and safeguards prevent the kind of compromise described from resulting in lost funds. The company said exploiting the issue would require sustained, hands-on access to a device and specialized hardware modifications.
The firm outlined its security model, which treats physical access as the highest-risk scenario, and described multiple protections that limit risk, including tamper-evidence, firmware signature checks, PINs, optional passphrases and other implementation controls. Trezor noted that users who keep firmware updated and buy devices from authorized sellers remain protected.
Ledger’s research focused on the Safe 7 element and cautioned that vendors with insufficient mitigation could be at risk. The Safe 7 chip vendor issued guidance and potential firmware updates for manufacturers using the component. Trezor said it is reviewing the findings and working with partners to confirm there are no gaps in its defensive measures.
Trezor advised customers to verify firmware signatures, enable tamper-evidence, use PINs and passphrases, and avoid devices that show signs of opening or tampering. The company reiterated its recommendation to purchase hardware wallets only from trusted sources.
Hardware wallets store private keys in isolated environments so users can sign cryptocurrency transactions without exposing keys to internet-connected devices. Secure elements are specialized chips designed to protect cryptographic secrets, and their security depends on both the chip and how manufacturers integrate and configure them.
A Trezor spokesperson commented: “While the chip-level weakness reported by Ledger is important for manufacturers to review, our assessment is that current Trezor devices are not exposed to an exploit that would allow theft of funds without additional, physically invasive attacks and user compromises.” Ledger has not reported active exploitation of Trezor wallets related to the flaw.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
