Hardware wallets have long been considered the gold standard of cryptocurrency self-custody, offering an air-gapped environment for private key management that software wallets simply cannot match. But a disclosure from Ledger’s open-source research division, Ledger Donjon, has shaken that assumption by revealing a significant vulnerability in Trezor’s Safe 3 and Safe 5 hardware wallet models. The discovery, patched by Trezor after responsible disclosure, raises urgent questions about supply chain integrity and the assumptions users make when trusting hardware devices with their digital assets.
The Threat Landscape
The cryptocurrency market in March 2025 reflected a period of heightened activity, with Bitcoin trading at approximately $82,862 and Ethereum around $1,920. As asset values climbed, so did the incentive for sophisticated attacks targeting custody solutions. The Trezor vulnerability emerged not from a software bug in the traditional sense, but from a hardware-level weakness in the microcontroller architecture that underpins the entire security model of these devices.
Ledger Donjon discovered that cryptographic operations could still be performed on the microcontroller of the Trezor Safe 3 model, potentially making it vulnerable to advanced physical attacks. The microcontroller used in Trezor Safe devices, labeled TRZ32F429 (a customized STM32F429 chip), was found to be susceptible to voltage glitching, a fault-injection technique that applies precisely timed voltage fluctuations to disrupt normal processor behavior and reveal protected memory contents.
Core Principles
Understanding this vulnerability requires grasping several fundamental security principles that govern hardware wallet design. The first is the separation between the Secure Element and the general-purpose microcontroller. A Secure Element is a dedicated chip designed specifically to resist physical and logical attacks, storing sensitive cryptographic material in a hardened environment. The microcontroller, by contrast, handles the broader operational logic of the device, including user interface interactions and communication with host computers.
The core issue is that Trezor’s design relies on a pre-shared secret between the Secure Element and the microcontroller for authenticity verification. Ledger Donjon demonstrated that an attacker with physical access could potentially extract this secret through voltage glitching, then reprogram the device to appear genuine while running malicious firmware. This breaks the trust chain that users depend on when they verify their device is authentic.
Another potential attack vector stemmed from the firmware integrity check that Trezor implemented to detect modified software. Ledger showed that this security check could be bypassed, undermining a critical safeguard that was supposed to prevent tampered devices from operating.
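To make the two principles above concrete, the following toy model is an added example written for this article; it is not code from Trezor, Ledger Donjon, or any real firmware, and every class, function and firmware string in it is constructed. It models only the outcome the text describes (an attacker who has read the microcontroller's flash, pre-shared secret included, and reflashed it), not the glitching procedure, and it assumes that the Secure Element's own storage stays unreadable. It compares three ways the Secure Element could decide whether the microcontroller is genuine: a challenge-response keyed on the pre-shared secret, a firmware self-check performed by the microcontroller, and a measurement of the firmware image performed by the Secure Element itself (the stand-in here for measured boot).

```python
"""Constructed model of a hardware-wallet trust chain: Secure Element (SE)
verifying a general-purpose microcontroller (MCU). Not vendor code."""
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass

# Placeholder firmware images (constructed bytes, not real firmware).
GENUINE_FW = b"genuine firmware image v1 (constructed placeholder bytes)"
TAMPERED_FW = b"tampered firmware image that leaks the seed (constructed)"


@dataclass
class Microcontroller:
    """General-purpose MCU. Its flash (firmware plus any stored secret) is the
    part the article describes as readable under voltage glitching."""
    firmware: bytes
    flash_secret: bytes
    honest: bool = True  # tampered firmware is free to lie about itself

    def answer_challenge(self, challenge: bytes) -> bytes:
        # Scheme A: prove genuineness with a secret held in MCU flash.
        return hmac.new(self.flash_secret, challenge, hashlib.sha256).digest()

    def self_check(self, expected_digest: bytes) -> bool:
        # Scheme B (weak): the MCU checks its own firmware. Code that has
        # already been replaced can simply report success.
        if not self.honest:
            return True
        actual = hashlib.sha256(self.firmware).digest()
        return hmac.compare_digest(actual, expected_digest)


@dataclass
class SecureElement:
    """Hardened chip. Modelling assumption: its storage is unreadable."""
    shared_secret: bytes
    pinned_digest: bytes  # digest of the genuine firmware, set at the factory

    def verify_by_shared_secret(self, mcu: Microcontroller) -> bool:
        challenge = os.urandom(32)
        expected = hmac.new(self.shared_secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(mcu.answer_challenge(challenge), expected)

    def verify_by_mcu_self_check(self, mcu: Microcontroller) -> bool:
        return mcu.self_check(self.pinned_digest)

    def verify_by_measurement(self, mcu: Microcontroller) -> bool:
        # Scheme C: the SE (or an immutable boot ROM) hashes the image itself
        # before the MCU runs it, so the code being measured has no say.
        measured = hashlib.sha256(mcu.firmware).digest()
        return hmac.compare_digest(measured, self.pinned_digest)


def provision() -> tuple[SecureElement, Microcontroller]:
    """Factory step: SE and MCU share one secret; SE pins the genuine digest."""
    secret = os.urandom(32)
    se = SecureElement(secret, hashlib.sha256(GENUINE_FW).digest())
    return se, Microcontroller(GENUINE_FW, secret)


def glitch_and_reprogram(mcu: Microcontroller) -> Microcontroller:
    """Outcome of the attack the article describes: flash contents (secret
    included) are known and the MCU now runs tampered firmware. Only the
    effect is modelled, not the fault-injection procedure."""
    return Microcontroller(TAMPERED_FW, mcu.flash_secret, honest=False)


def run_scenario() -> dict[str, dict[str, bool]]:
    """Run all three checks against a genuine and a tampered device."""
    se, genuine = provision()
    tampered = glitch_and_reprogram(genuine)
    results: dict[str, dict[str, bool]] = {}
    for name, dev in (("genuine", genuine), ("tampered", tampered)):
        results[name] = {
            "shared_secret": se.verify_by_shared_secret(dev),
            "mcu_self_check": se.verify_by_mcu_self_check(dev),
            "se_measurement": se.verify_by_measurement(dev),
        }
    return results


if __name__ == "__main__":
    for device, checks in run_scenario().items():
        print(device, checks)
```

Running it shows the tampered device passing both the shared-secret challenge (the secret came out of MCU flash) and the self-check (the replaced code answers for itself), and failing only the check whose verifier sits outside the compromised chip. That is the general lesson, not a description of Trezor's actual fix, which the article does not detail. A pinned digest is also only a teaching device: since every legitimate firmware update changes the digest, production designs bind the check to a vendor-signed manifest rather than a fixed hash.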
Tooling and Setup
The demonstrated attack involved desoldering the microcontroller from the Trezor device and applying precise voltage changes to reveal the flash memory contents. This is a highly technical procedure requiring specialized equipment, including a soldering station, voltage glitching hardware, and expertise in embedded systems security. It is not an attack that can be performed remotely or by a casual adversary.
However, the supply chain attack scenario is far more concerning. A sophisticated operation could intercept devices during manufacturing or distribution, implant malicious firmware, and deliver compromised wallets to unsuspecting users. Such an attack could lead to the remote theft of user funds without any visible indication of tampering. The barrier to entry for this type of attack is high but not impossibly so, particularly for well-funded state-sponsored groups known to target cryptocurrency infrastructure.
Trezor responded by patching the vulnerability after Ledger’s disclosure, though notably, when asked whether the fix was delivered through a firmware update, Trezor responded that it was not. This leaves some ambiguity about how exactly the issue was addressed and whether all devices in circulation have been protected.
Ongoing Vigilance
For users, the incident reinforces several essential security practices. First, always purchase hardware wallets directly from the manufacturer’s official website or authorized resellers. Never buy second-hand devices or accept hardware wallets from unverified sources. Second, verify the tamper-evident packaging upon receipt and immediately check the firmware version using the official Trezor Suite application. Third, enable the passphrase feature, which adds an additional layer of protection by requiring a secondary password that is never stored on the device itself.
The Trezor Safe 5 model uses an upgraded microcontroller that is reportedly resistant to voltage glitching, representing a hardware-level improvement over its predecessor. Users with Safe 3 devices should be particularly vigilant and consider upgrading if they are managing significant holdings.
Final Takeaway
The Ledger Donjon disclosure is not an indictment of Trezor’s commitment to security, but rather a reminder that hardware wallet security is a continuous arms race. Every design decision involves trade-offs between security, usability, and cost. The discovery and responsible disclosure of this vulnerability ultimately strengthens the ecosystem, but only if users act on the lessons it teaches. Supply chain security is not a feature that can be added after the fact. It must be embedded in every stage of the device lifecycle, from chip fabrication through final delivery to the end user.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before making financial decisions.
Ledger Donjon finding a flaw in Trezor hardware is peak corporate espionage energy. Respect the responsible disclosure though
supply chain attacks are the one threat model nobody takes seriously until it's too late. your seed phrase doesn't help if the chip was compromised before you unboxed it
BTC at 82k when this dropped and nobody talks about the microcontroller issue. it's always about price until your wallet is empty
this is why I buy hardware wallets direct from the manufacturer, never Amazon. one intercepted package and your seed is already known to someone else
chip_whisperer buying direct helps but the real threat is a man-in-the-middle between factory and your door. tamper-evident bags can be resealed
ledger auditing trezor hardware is like coke taste testing pepsi and publishing the results. convenient timing for the competition
Nadia V. competitive audit isn't espionage, it's how hardware security improves. the concern is whether Trezor would have disclosed it without Ledger forcing their hand