‍

We built TROPIC01, the world’s first open-architecture secure element, to find its limits. Today, this philosophy of radical openness is being put into practice. We are publishing a Security Advisory regarding a physical vulnerability identified in TROPIC01 thanks to an independent audit by Ledger’s Donjon security research team. 

At the same time, we confirm that there is no evidence of this vulnerability being exploited in the wild, and mitigation measures are ready for deployment. ‍

“Auditability and transparency are core parts of what make hardware security credible because it builds trust, and we’re committed to that standard. While external disclosures happen, true transparency goes beyond that. Proactively and responsibly sharing all vulnerabilities with your customers and partners should be the norm. We believe that hiding flaws only creates a false sense of security,” says Ladislav Veselý, Tropic Square CEO.

This disclosure is our commitment to a transparent security lifecycle, where identifying and sharing findings ensure our ecosystem grows stronger and our business partners are proactively informed, rather than surprised when it's too late.

‍

Ledger Donjon Audit: Putting our Open Model to the Test

Following our production launch in mid-2025, as part of our continuous partner security evaluations, we have also engaged in active discussions with Ledger’s Donjon security research team about evaluating our chip against secure element requirements. Shortly after we provided them with TROPIC01 samples for an independent audit, which began in December 2025.

In late January 2026, Donjon disclosed the successful execution of a Laser Fault Injection (LFI) attack on TROPIC01. They demonstrated that, under highly specific and complex conditions, an attacker could bypass signature verification during the firmware update and boot processes. This allows a threat actor to load and execute unauthorized firmware on TROPIC01. The audit successfully achieved firmware execution, but even with full control of the CPU, the essential hardware-level security was not bypassed.

“In essence, even an attacker with full control over the CPU cannot read, modify, or bypass the MACANDD (MAC-and-Destroy) mechanism. The security boundary is not in firmware - it is in silicon.” - Ledger Donjon

Expanding the Vulnerability Scope: What Our Team Found

Ledger Donjon’s audit confirmed that the hardware-level security boundary withstood their initial firmware exploit. To understand the limits of this vulnerability, our engineering team conducted an expanded root cause analysis. Utilizing our internal architectural expertise, we discovered that the hardware-level security boundary can be bypassed for MAC-and-Destroy, meaning confidential data on TROPIC01 units based on the current silicon architecture could be compromised via a combined attack vector.

We shared the existence of this hardware-level bypass with Ledger Donjon. Prompted by this, their team conducted further independent testing and successfully discovered a vulnerability path to compromise the hardware boundary as well.
‍
While our business partners have already been informed about this vulnerability through a direct Security Advisory, in line with responsible disclosure practices, we are withholding specific technical details from the public to reduce the risk of misuse. We will share the full technical report in the spring of 2027.

Importantly, this entire attack chain - from the initial boot bypass to potential data exposure - is a highly complex, laboratory-grade exploit, and actionable mitigation measures are available for deployment.

‍

The Threat Model: Laboratory vs. Reality

To accurately assess risk, it is critical to contextualize the severity of the vulnerability, which has been assigned a Medium base score (5.7, CVSS 3.1). This is not a remote software flaw. Executing this attack requires:

• Full physical possession of the device.
• Precise backside decapsulation (grinding) of the chip.
• Expert-level attacker knowledge.
• Expert execution of Laser Fault Injection (LFI) using specialized laboratory equipment with an ownership cost exceeding €30,000.

The technical and physical barriers mean that the level of risk connected to the vulnerability is not universal, but rather highly dependent on specific use cases and threat models. For example, because this vulnerability cannot be exploited remotely, if the device containing the chip is secured in an environment with strict physical access controls, the risk might be reduced to Low or Residual. On the other hand, if the chip is in an exposed, easily accessible device protecting assets that exceed the cost of the attack, the threat model is entirely different and demands a stricter risk evaluation.

Regardless of the application, because today’s advanced laboratory techniques become tomorrow’s standard threats, transparency over obscurity is essential so that everyone in our ecosystem can accurately assess their risk profiles.

‍

Mitigation and Next Steps

Thanks to transparent relationships with our partners, actionable mitigation measures for this specific attack vector are already available for deployment. 

• Immediate firmware measures: security of current devices can be improved by disabling maintenance mode (which does not impact daily functionality) and following a specific update procedure (described in Security Advisory) to increase the number of protection layers (defense-in-depth).‍
• Silicon-level update: Foundational hardware hardening and an updated bootloader have been integrated into our silicon. New chips, planned for delivery in late 2026, mitigate this LFI vulnerability on hardware as well as firmware level. While LFI attempts can never be entirely ruled out in standard CMOS technology, our new hardware revision makes bypassing the bootloader logic via this specific attack vector unfeasible.

‍

Our response, however, didn't stop at mitigation. We actively used the deep insights from Ledger Donjon’s disclosure and implemented architectural refinements in the upcoming silicon revision, enhancing overall robustness against fault injection and ensuring TROPIC01 remains the benchmark for auditable security.

We want to thank the Ledger Donjon team for their exceptional technical expertise and professionalism. Their commitment to coordinated disclosure is exemplary. This collaboration proves that transparent dialogue and open-source principles are what truly strengthen the hardware ecosystem.

‍

The Infinite Game of Security

“Security is a function of time, resources, and expertise. Given enough of all three, any security boundary can be compromised. That is why we keep testing and improving even after launch,” says Jan Zápeca, Head of Engineering.  

In the hardware industry, it is not about whether vulnerabilities exist, they exist in every chip. It is about what happens when they are found. We chose a model where the answer is: you find out, the whole industry finds out and the hardware evolves. We believe this is the only model that actually protects you in the long run. 

Continuous evolution is key. That’s why we don't just tolerate scrutiny. We invite it. We encourage independent researchers, academics, and engineers to probe our chips, break into them if they can, and push us to continuously improve - explore our published security reports. Every attempted exploit drives faster patches, smarter defenses, and stronger hardware. Because security isn't a static certificate; it is a living, evolving process that must move as fast as the threats themselves - read more in our Security Through Transparency blog. 

“Auditable hardware does not guarantee the absence of vulnerabilities. It promises that vulnerabilities can be found, disclosed, debated, mitigated, and fixed. Responsible product design must build enough defense-in-depth that one silicon-level weakness does not cause a system-level collapse. Tropic Square has demonstrated the necessary openness about an important vulnerability as a necessary first step to tackle it.” - Tom Fürstner, RDDL Founder

“True financial freedom means holding your wealth securely in your own hands. That is why, when it comes to protecting people's digital assets, we don't rely on a single source of trust. We deliberately engineered a multi-vendor, layered defense because, in both principle and practice, we favor open-source auditability over paperwork-induced obscurity. This approach reinforces our core philosophy: over long horizons, obscure silicon is a systemic hazard. True security requires a transparent, peer-reviewed ecosystem like the one that Tropic Square brings.” - Matěj Žák, Trezor CEO

"Protection is engineered as a defense-in-depth, impact-reduction framework rather than a set of independent safeguards. Therefore, a single vulnerability seldom results in complete system compromise, as exploitation usually requires multiple conditions to be met." - Miro Svetlik, ContentWise Founder

‍

Advancing Transparent Hardware: Get Involved  

The only way to outpace tomorrow’s threats is through continuous scrutiny and shared technical discipline. If you share this vision of verifiable security, join us in building the next generation of transparent hardware. 

Join the Discord chat.

Test the hardware.

‍