Trezor, a leading hardware wallet manufacturer, has confirmed a vulnerability in its Safe 3 crypto wallet running older firmware, following research by rival Ledger's security team. The flaw, identified by Ledger's Donjon unit, affects the microcontroller in the Safe 3, a component separate from the device's Secure Element, and could expose users to risk if exploited by a sophisticated attacker with physical access to the device. While Trezor acted swiftly to address the issue, the disclosure underscores ongoing security challenges in the hardware wallet industry.
The vulnerability came to light on March 12, when Ledger Donjon, Ledger's security research team, published findings showing that the Safe 3's microcontroller is susceptible to voltage-glitching attacks: briefly dropping the chip's supply voltage so that it skips instructions, which can defeat the flash read-out protection. With that foothold an attacker can extract secrets stored in the microcontroller, modify its firmware, or bypass security checks, potentially compromising user funds. The Secure Element, which carries an EAL6+ certification and protects the PIN and recovery seed, is not affected; the microcontroller, which runs the wallet firmware and performs the cryptographic operations, is the weak link according to Ledger's report. Trezor confirmed the issue but emphasized that it stems from a previously known attack vector, one already mitigated in newer devices and addressed in a firmware update for Safe 3 units.
Trezor's response was immediate. In posts on X on March 12, the company reassured users that “funds remain safe” and that no action is required for those who purchased devices from official sources. “Ledger Donjon reused a previously known attack to bypass some of our countermeasures against supply chain attacks in Trezor Safe 3,” Trezor stated. “Nevertheless, users who purchase from official sources are fully secure.” The company also stressed that the flaw cannot be exploited remotely: an attacker needs physical possession of the device, which keeps the risk low for most users.
A Competitive Spotlight
The Safe 3, launched in October 2023, marked Trezor’s shift to a two-chip design, pairing a Secure Element with a microcontroller to enhance security over older single-chip models like the Trezor One. Priced at $79, it targets beginners and seasoned crypto holders alike, supporting over 8,000 assets. However, Ledger’s findings suggest that while the Secure Element protects sensitive data, the microcontroller’s vulnerabilities could undermine these advances if not fully addressed. Ledger’s report also noted a similar issue in the newer Safe 5, launched in June 2024, though Trezor claims its latest firmware mitigates the risk across both models.
This isn’t the first time Trezor has faced scrutiny over hardware flaws. In 2023, cybersecurity firm Unciphered demonstrated a physical hack on the Trezor T, exploiting an unpatchable STM32 chip vulnerability. That attack, like Ledger’s, required physical access and advanced equipment, a high bar for real-world exploitation. Still, it sparked debate about Trezor’s reliance on aging chip designs—a critique Ledger Donjon echoed in its latest analysis. Unlike Ledger, which uses a proprietary dual-chip system with a bank-grade Secure Element, Trezor’s open-source ethos has been both a strength and a point of contention, balancing transparency with hardware limitations.
Implications for Users
For Safe 3 owners, the disclosure raises practical questions. Trezor insists that devices bought directly from its shop or from trusted resellers are secure, thanks to cryptographic authentication via the Secure Element: when the device is paired with Trezor Suite, the wallet's desktop software, the Secure Element proves that it is a genuine Trezor part. Ledger's research exposed the gap in this process: the check attests to the Secure Element, not to the firmware actually running on the microcontroller, so a device with tampered firmware can still pass as legitimate. In the worst case, a compromised Safe 3 could be sold with malicious firmware that siphons funds once the wallet is in use.
Ledger Donjon's attack required custom hardware to extract a pre-shared secret from the microcontroller's flash memory, a feat beyond most attackers' reach; the barrier is equipment and expertise rather than secrecy, since the glitching technique itself was already public. Still, the possibility of supply chain tampering, in which fake or altered devices enter circulation, remains a concern. Trezor's firmware patch addresses this by strengthening its countermeasures, though the underlying microcontroller design is unchanged, leaving some experts skeptical that anything short of a hardware revision is a long-term fix. For owners, the practical step is to keep the device on current firmware via Trezor Suite and to buy only from official channels.
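To make the trust boundary concrete, here is a simplified model of the checks described above. It is an added example, not Trezor's or Ledger's code, and every name in it (SecureElement, Microcontroller, host_check, the sample firmware bytes) is an assumption made for illustration: attestation is modelled with HMAC rather than the real device's certificate-based signature, and the pre-shared secret is simply a 32-byte key the microcontroller holds in flash. The model shows why a self-reported firmware hash cannot catch a modified image once the attacker also holds the PSK, and why only a measurement taken outside the microcontroller can.

```python
# Added example: a simplified model of a two-chip wallet's genuineness check.
# Not Trezor's or Ledger's code; all names and the sample firmware bytes are
# assumptions. Attestation uses HMAC in place of the real asymmetric signature.
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample firmware images (not real wallet binaries).
GENUINE_FW = b"safe-3-like firmware image (constructed sample)"
MALICIOUS_FW = b"firmware with a seed-exfiltrating backdoor (constructed sample)"


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


class SecureElement:
    """Holds the per-device attestation key and the PSK it shares with the MCU."""

    def __init__(self, psk: bytes):
        self.device_key = secrets.token_bytes(32)  # stands in for the factory-provisioned key
        self._psk = psk

    def attest(self, challenge: bytes, mcu_proof: bytes) -> Optional[bytes]:
        # The SE only answers a host challenge if the MCU proves it knows the PSK.
        if not hmac.compare_digest(_mac(self._psk, challenge), mcu_proof):
            return None
        return _mac(self.device_key, challenge)


class Microcontroller:
    """Runs the wallet firmware and holds the PSK in its flash."""

    def __init__(self, firmware: bytes, psk: bytes, impersonate: Optional[bytes] = None):
        self.firmware = firmware
        self._psk = psk
        # A malicious image can keep a copy of the genuine image solely to hash on demand.
        self._impersonate = impersonate

    def prove_psk(self, challenge: bytes) -> bytes:
        return _mac(self._psk, challenge)

    def report_firmware_hash(self, salt: bytes) -> bytes:
        # The measurement is computed by the very firmware being measured.
        image = self._impersonate if self._impersonate is not None else self.firmware
        return hashlib.sha256(salt + image).digest()


def host_check(se: SecureElement, mcu: Microcontroller, known_good_fw: bytes) -> bool:
    """Model of a host-side check: SE attestation plus a salted, self-reported
    firmware hash. Returns True if the device looks genuine to the host."""
    challenge = secrets.token_bytes(16)
    response = se.attest(challenge, mcu.prove_psk(challenge))
    if response is None or not hmac.compare_digest(response, _mac(se.device_key, challenge)):
        return False
    salt = secrets.token_bytes(16)
    expected = hashlib.sha256(salt + known_good_fw).digest()
    return hmac.compare_digest(mcu.report_firmware_hash(salt), expected)


def independent_measurement(mcu: Microcontroller) -> bytes:
    """Hash of what is actually in MCU flash, as seen by a party the firmware
    cannot influence (e.g. an external flash read or a measurement by the SE)."""
    return hashlib.sha256(mcu.firmware).digest()


def build_device(psk: bytes):
    """A genuine device: SE and MCU provisioned with the same PSK."""
    return SecureElement(psk), Microcontroller(GENUINE_FW, psk)


def tamper(extracted_psk: bytes) -> Microcontroller:
    """Supply-chain scenario: with the PSK recovered from flash (the step the
    article attributes to voltage glitching), reflash modified firmware that still
    knows the PSK and answers hash queries with the genuine image."""
    return Microcontroller(MALICIOUS_FW, extracted_psk, impersonate=GENUINE_FW)


def demo() -> dict:
    psk = secrets.token_bytes(32)
    se, genuine_mcu = build_device(psk)
    tampered_mcu = tamper(extracted_psk=psk)  # attacker learned psk from MCU flash
    return {
        "genuine_passes": host_check(se, genuine_mcu, GENUINE_FW),
        "tampered_passes": host_check(se, tampered_mcu, GENUINE_FW),
        "external_read_detects": independent_measurement(tampered_mcu)
        != independent_measurement(genuine_mcu),
    }


if __name__ == "__main__":
    print(demo())
```

Running the block reports that both the genuine and the tampered device pass the host's check, while the external measurement of flash differs. A tampered image that does not know the PSK, or that cannot produce the genuine image's hash, is rejected, which is exactly the protection the extracted secret removes.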
Industry Ripple Effects
The disclosure highlights a rare instance of collaboration—and competition—between crypto’s two hardware wallet giants. Ledger framed its research as a contribution to ecosystem security, not a jab at Trezor. Charles Guillemet, Ledger’s Chief Technology Officer, noted on X on March 12 that Donjon’s work aims to “elevate security standards” industry-wide. Trezor, in turn, acknowledged the findings while defending its devices’ safety, a delicate balance in a market where trust is paramount.
For users, the incident reinforces a core truth: no wallet is impervious. Hardware wallets like the Safe 3 offer robust protection against remote hacks—unlike software wallets or exchange accounts—but physical vulnerabilities persist. Trezor’s open-source approach, lauded for transparency, contrasts with Ledger’s closed-source firmware, sparking debate over which model best serves security-conscious users. Past incidents, like Ledger’s 2020 data breach exposing customer info, remind the industry that both firms have faced their own challenges.
Looking Ahead
Trezor has not announced plans to phase out affected Safe 3 units or redesign the microcontroller, likely due to cost and logistical hurdles. Instead, it’s leaning on software updates and user vigilance—urging purchases from verified channels—to close the gap. Meanwhile, the Safe 5, with its color touchscreen and haptic feedback, continues Trezor’s push toward user-friendly security, though it too shares the microcontroller flaw per Ledger’s report.
As crypto adoption grows, with only 2% of 420 million users self-custodying per Trezor’s estimates, such disclosures could sway newcomers weighing their options. For now, Safe 3 owners can breathe easy if they’ve followed best practices. But the episode is a reminder that in the race to secure digital wealth, even the strongest vaults have chinks to mend.
Disclaimer: TrueToCrypto.com (the “Website”) is for general informational purposes only and is obtained from independent sources that are believed to be reliable. However, TrueToCrypto.com, its owners, affiliates, officers, employees, and agents (collectively, “We,” “Us,” or “Our”) make no representations or warranties, express or implied, as to the accuracy, completeness, timeliness, reliability, or suitability of the information contained on or accessed through this Website. Further read Disclaimer.