Laser fault attack bypasses TROPIC01 in Trezor Safe 7

Ledger's Donjon research team demonstrated that a 1064 nm laser fault‑injection can bypass firmware verification on the TROPIC01 secure element used in the Trezor Safe 7. Chip maker Tropic Square confirmed the vulnerability affects all production TROPIC01 units.

Researchers reached the bypass by decapsulating the TROPIC01 chip and using a precisely calibrated 1064 nm laser to inject faults into the chip's signature verification routine during firmware updates and device boot. In lab tests the team modified the chip to return the string “HACK” in its device identification response, which the researchers say shows unauthorized firmware can be loaded and executed when an attacker has physical possession of the device and access to specialized equipment.

The TROPIC01 is one of three independent security layers in the Safe 7. Trezor maintains that the device does not store users' PINs, wallet backups or private keys on that chip. The device uses a hardware-backed secret storage mechanism called MAC-and-Destroy for PIN verification; Ledger's initial testing did not extract secrets from that boundary. Tropic Square conducted follow-up analysis and identified an additional attack path that could compromise the MAC-and-Destroy boundary, but the company is withholding technical details until a hardened silicon revision is available.

A software mitigation is available: vendors can disable the chip's MAINTENANCE mode, which blocks the primary entry point used in the published attack and requires a more complex, multi-step physical exploit. Tropic Square plans a silicon revision of the TROPIC01 scheduled for late 2026 and expects to publish full technical write-ups in spring 2027. Ledger's Donjon team reported prompt acknowledgement from Tropic Square and movement toward remediation during the coordinated disclosure.

Trezor notified its partners ahead of public disclosure and told users no action is required. Trezor CEO Matej Zak wrote, “The PIN, the wallet backup, and the keys to users' funds are never held on a single chip. That is by design.”

The attack depends on chip decapsulation, high-precision optical fault injection and controlled lab conditions, which limit practical applicability. The disclosure has led to a firmware configuration change for current units and a revised silicon roadmap for future products.