PANews reported on June 3rd that, according to The Block, Ledger's Donjon security team bypassed the firmware verification mechanism of the TROPIC01 chip used in the Trezor Safe 7 using a sophisticated laser attack in a lab environment. This allows attackers to load unauthorized firmware even with physical possession of the device. Chip manufacturer Tropic Square further discovered an additional attack path in the chip's MAC-and-Destroy security mechanism used for PIN verification, but details will not be released until a reinforced version of the chip is released at the end of 2026. Trezor stated that PIN, mnemonic phrase backups, and private keys are never stored on a single chip, partners have been notified, and ordinary users do not need to take any action. Currently, the feasibility of the attack can be reduced by disabling the chip's MAINTENANCE mode.