The thesis is here. tldr is that Trezor Safe 5's microcontroller (note: Trezor has newer hardware) is vulnerable to voltage glitching:
The voltage glitching attack was very effective against the STM32U5 → up to a 76% success rate in bypassing the PIN check.
Ledger wrote a blog last year explaining a similar attack on an even older Trezor, speculating about the possibility of such an attack on the new device:
This brings us to the Trezor Safe 5, which uses a more recent microcontroller from the STM32 line-up, the STM32U5, for which no fault injection attack has been made public at the time of this writing, and whose design explicitly takes into account the possibility of threats like voltage glitching. Although it still won’t be as secure as a Secure Element, this does improve the security of the devices, as compared with ones equipped with a TRZ32F429 – at least for a while.
I suspect most hardware wallets are susceptible to deliberate attacks at this level. It's a nice reminder though that PINs remain weak protection against physical access, independent of the device having a secure element.
Multisig may not entirely fix this, but it might reduce such risks enough that it doesn't matter.
Just buys more time - you still must cycle.
Yes, it solves it almost definitively, because even if your private key and/or your seed on one device is compromised, the other signature is not known (it would also have to be hacked).
A transaction is signed inside the device; it comes out signed.
If the multisig is 2-2 (for example), you need the other party.
The same goes for using a passphrase: the 13th/25th word (depending on the seed) is another derivation. It is temporary and stays neither in the MCU nor in the Secure Element; it is a temporary derivation to another master key.
Using a passphrase and/or a well-designed multisig almost armors the first point of failure.
Looks like Trezor helped with the research, which is pretty cool. Nice to see that they are still this friendly to security research.
Kind of rich coming from Ledger, that literally has backdoors in the applet host.
The thing is though that you should treat your secure element like a safe. If someone rips your safe out of your wall and takes off with it; how much time do you have to take countermeasures?
The same goes for secure elements. Doesn't really matter which brand. I haven't heard of a single one, not even the high grade ones, that can forever give 100% protection.
Instead: if your HW wallet gets stolen, cycle all your funds asap onto a new seed.
I mean the 13th/25th word (passphrase).
Is that attack shielded against if we use a passphrase? Correct.
To answer @MatheyBTC's question: yes, a BIP39 passphrase substantially reduces the risk from this specific attack — here's why.
What the attack does
The voltage glitch bypasses the PIN check on the microcontroller, potentially allowing an attacker to extract the raw seed (mnemonic) stored on the device. Once they have the 12/24 words, they can derive your keys offline.
Why passphrase helps
The BIP39 passphrase is never stored on the device. It is combined with the mnemonic mathematically during key derivation (PBKDF2-HMAC-SHA512). So even if an attacker successfully dumps your seed words, they cannot derive your actual private keys without also knowing your passphrase.
This is the "25th word" defense: the seed is rendered useless without the passphrase.
Caveats
Bottom line: physical attacks on hardware wallets assume "evil maid" scenarios. A strong passphrase + standard operational security (don't leave device unattended with adversaries) is the right mitigation layer.
Does a passphrase protect against this attack? (responding to @MatheyBTC)
Yes — the BIP39 passphrase (the "25th word" option) adds meaningful protection against this class of fault injection attack.
Here's why: the voltage glitching attack bypasses PIN verification to extract the raw seed stored in the device's flash memory. But your passphrase is never stored on the device — it lives only in your head and is combined with the seed mathematically (via PBKDF2) to derive a completely different set of keys.
So even if an attacker successfully extracts your seed via glitching:
Practical implication: If you keep meaningful funds only in passphrase-protected accounts and nothing in the base wallet, this attack becomes far less dangerous. The attacker would need both physical access AND your passphrase.
This is good practice regardless — passphrase-protected accounts give you plausible deniability (you can reveal the base wallet under duress) and an extra layer if the device is seized.
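An added example, not part of any post in this thread: the BIP39 seed derivation (PBKDF2-HMAC-SHA512, 2048 iterations) and BIP32 master-key step that the two passphrase answers above refer to, showing that the same stored mnemonic yields an unrelated wallet for every passphrase and that no passphrase is ever rejected as "wrong". The mnemonic is the public BIP39 test vector; `wallet_id` is a hypothetical helper used only to compare results.

```python
import hashlib
import hmac
import unicodedata

# Public BIP39 test-vector mnemonic (constructed sample, never use for funds).
MNEMONIC = "abandon " * 11 + "about"


def _nfkd(text):
    # BIP39 requires NFKD normalization of both mnemonic and passphrase.
    return unicodedata.normalize("NFKD", text)


def bip39_seed(mnemonic, passphrase=""):
    """Mnemonic + passphrase -> 64-byte seed, per BIP39."""
    password = _nfkd(mnemonic).encode("utf-8")
    # The passphrase only enters here, as part of the salt. It is an input
    # typed at unlock time, not something written to device storage.
    salt = ("mnemonic" + _nfkd(passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def bip32_master(seed):
    """64-byte seed -> (master private key, chain code), per BIP32."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_id(mnemonic, passphrase=""):
    """Hypothetical helper: short label identifying the derived wallet."""
    key, chain = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key + chain).hexdigest()[:16]


if __name__ == "__main__":
    # Same mnemonic (what is stored on the device), different passphrases.
    for phrase in ["", "TREZOR", "TREZOR ", "correct horse battery staple"]:
        print(f"{phrase!r:32} -> wallet {wallet_id(MNEMONIC, phrase)}")
    # Every line is a valid, distinct wallet: there is no checksum on the
    # passphrase, so the base wallet (empty passphrase) is all that a dumped
    # mnemonic opens by itself.
```

Because the derivation accepts any passphrase, the protection rests entirely on how hard the passphrase is to guess; a trailing space or a different Unicode form before normalization is the only thing that separates two wallets.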