Dernière minute
TRKiev Hava Saldırısı Altında: Apartmanlar Hasar Gördü, Can Kaybı VarKR이재명 대통령, '3대 메가 프로젝트' 속도전 강조… "최대치 지원"RUРоссийские войска уничтожили 21 антенну связи БПЛА и 9 робототехнических комплексов ВСУEUPedro Lourtie: The EU Diplomat Navigating High-Stakes NegotiationsEUSweden's Gang Violence Crisis: Prevention vs. PunishmentRUThe Economist: Страны НАТО неохотно увеличивают оборонные расходыCNSummer McIntosh Shatters 200m Butterfly World RecordARنظام البطاقات الحمراء في حالة فوضى بسبب قرار ترامب والفيفا وبالوغونEUJordan Bardella's French Presidential Ambitions Hinge on Le Pen's Legal FateAUWA Minister Paul Papalia Set to Resign, Triggering Secret Harbour By-ElectionTRKiev Hava Saldırısı Altında: Apartmanlar Hasar Gördü, Can Kaybı VarKR이재명 대통령, '3대 메가 프로젝트' 속도전 강조… "최대치 지원"RUРоссийские войска уничтожили 21 антенну связи БПЛА и 9 робототехнических комплексов ВСУEUPedro Lourtie: The EU Diplomat Navigating High-Stakes NegotiationsEUSweden's Gang Violence Crisis: Prevention vs. PunishmentRUThe Economist: Страны НАТО неохотно увеличивают оборонные расходыCNSummer McIntosh Shatters 200m Butterfly World RecordARنظام البطاقات الحمراء في حالة فوضى بسبب قرار ترامب والفيفا وبالوغونEUJordan Bardella's French Presidential Ambitions Hinge on Le Pen's Legal FateAUWA Minister Paul Papalia Set to Resign, Triggering Secret Harbour By-Election
Newsgather
BackTrezor Safe 7 Hardware Wallet Vulnerability Disclosed
Trezor Safe 7 Hardware Wallet Vulnerability Disclosed
En développement
Decrypt03.06.2026Tech2 dk okuma

Trezor Safe 7 Hardware Wallet Vulnerability Disclosed

L'essentiel

  • Trezor has revealed a vulnerability in its Safe 7 hardware wallet, discovered by Ledger Donjon.
  • The exploit, a laser fault injection attack on the TROPIC01 chip, reduces PIN protection layers but requires physical access and specialized equipment, leaving user funds protected.

Résumé généré par IA

Pourquoi c'est important

Trezor has disclosed a security vulnerability in its Safe 7 hardware wallet, identified during an independent audit by Ledger Donjon. The exploit targets the TROPIC01 Secure Element chip, one of three security layers protecting user PINs.

Taille de police

Trezor has revealed a vulnerability in its flagship Safe 7 hardware wallet, but affirms that user funds "remain protected" due to the nature of the exploit.

The vulnerability was uncovered during an independent security audit by the Ledger Donjon team, which reported a successful "laser fault injection attack" against the TROPIC01 Secure Element chip. It enables an attacker to extract one of three "secrets" that protect a user's PIN, effectively reducing three layers of protection to two.

"The vulnerability concerns only the TROPIC01 Secure Element chip, one of three physical, independent security layers. Compromising TROPIC01 alone is not enough to give access to the PIN, which is the final layer of protection for your funds," the Trezor blog states. "It also cannot result in tampered Trezor Safe 7 devices with persistent malicious firmware."

It's worth noting that Trezor says that such an attack requires physical possession of the hardware wallet, for the attacker to disassemble it, and for specialized lab equipment to be used. As such, Trezor still calls the TROPIC01 chip an "effective barrier" of protection which "requires significant time and effort to exploit," adding that "users’ funds remain safe."

Blockchain security firm Cyvers echoed Trezor’s assessment that user funds are "safe," telling Decrypt that the attack appears "highly impractical."

Hardware wallets, otherwise known as "cold" wallets, store private keys offline on a physical device. This is in contrast to hot wallets, like MetaMask, which store the user's keys on locally installed software or on cloud-based servers. In the case of the Trezor Safe 7 wallet, the blog post says that the user's keys are fortunately not stored in the TROPIC01 chip.

Unfortunately, due to the vulnerability being hardware-based, the exploit cannot be patched with a firmware update. Trezor did not immediately respond to Decrypt's request for comment on whether it will accept refund requests from customers.

Questions ouvertes

  • Will Trezor offer refunds to affected customers?
  • What specific model of the TROPIC01 chip is affected?
  • Are there any plans for a hardware revision or alternative chip?

Sujets liés

This article was originally published by Decrypt.

Articles liés

Plus sur ce sujettrezor