Potential Security Loophole Uncovered in Trezor’s Older Safe 3 Cryptocurrency Wallets

Cryptocurrency CrimePotential Security Loophole Uncovered in Trezor's Older Safe 3 Cryptocurrency Wallets

Date:

On March 5, Trezor, a leading provider of crypto hardware wallets, unveiled a theoretical vulnerability in its older Safe 3 wallet model. The disclosure came in response to a tip-off from its main competitor, Ledger. Trezor’s vulnerability is largely academic and would likely only impact users who procured their device from a third party.

Later in the week, Ledger provided more detailed information regarding the exploit, explaining how the extremely technical attack could be executed. Donjon, Ledger’s security division based in Paris, reutilized a recognized “physical supply chain attack” and discovered that Trezor’s Safe 3 model, released in 2023, remains unsecure.

“Ledger Donjon recently assessed our Trezor Safe Family and successfully employed a previously known attack to show how some countermeasures against supply chain attacks in Trezor Safe 3 can be circumvented,” stated Trezor.

However, it’s important to note that the majority of Trezor’s wallets, especially its most recent release, Trezor Safe 5, and its first two generations, Trezor Model One and Model T, are not affected by this attack. The exploit also relies on a specific set of circumstances and a high degree of expertise, making it an unlikely method for widespread exploitation. Consequently, Trezor does not advise immediate action from Safe 3 users, especially those who purchased the device from official sources.

The attack demonstrated by Donjon takes advantage of a weakness in the microcontroller of Trezor Safe 3 using a technique called voltage glitching. If an attacker can physically access the device, desolder the microcontroller, and apply specific voltage changes, they can trick the device into disclosing its flash memory contents. This would then allow the attacker to load the microcontroller with malicious software, possibly revealing the wallet’s seed phrase and accessing the stored funds.

Staying secure in this environment involves purchasing devices directly from manufacturers and ensuring the wallet’s chain-of-custody. Users also need to use a longer PIN to make exploitation more challenging and always update their devices to the latest firmware version. Most importantly, users must always verify whether they are interacting with the application or entity they think they are.

As Ledger CTO Charles Guillemet puts it, “Our mission at Ledger Donjon is to push the boundaries of security for the benefit of the whole crypto ecosystem. We appreciate Trezor’s responsiveness to this responsible security disclosure.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here


Share post:

Subscribe

Popular

More like this
Related

China Missile Launch: Regional Tensions Rise — What It Means for 2026

On July 8, 2026, China demonstrated its expanding military...

Gold Price Forecast 2026: Market Trends and Predictions — What It Means for Investors

As of July 2026, spot gold prices are facing...

Strike Bitcoin-backed Loan Update: A Risky Yet Innovative Solution — What It Means for 2026

In a bold move amidst a challenging bear market...

USD/CAD Analysis: Crude Oil Prices Surge Amid Geopolitical Tensions — What It Means for 2026

The USD/CAD currency pair has seen a notable uptick,...