🗝️ Crack it open

While the news week is just getting started, we’ve already seen some big announcements from Coinbase and some more info around Binance’s listing process. 

Today we’re looking at the new Trezor hardware wallet, focusing on two key parts that make it interesting: its quantum concerns and its open chip.

— Kate Irwin

Trezor’s latest is all-wireless and ‘quantum-ready’

Crypto hardware wallet firm Trezor has just unveiled its latest product: the Safe 7.

The $250 device maintains the same shield-like shape of its predecessors and comes in three color options. It has an aluminum body, a large touch screen and uses Tropic Square’s Tropic01 chip (Trezor and Tropic Square share the same parent company, SatoshiLabs). 

Preorders are slated to begin shipping around Nov. 23 when it becomes fully available.

Quantum curiosity 

The Trezor Safe 7 is “quantum-ready,” but that doesn’t mean it’s equipped today to face a powerful supercomputer from the future. 

For years, Big Tech firms like Apple have been thinking about and preparing for a “post-quantum” future, where supercomputers may be able to crack current encryption and cryptography. 

While quantum computers don’t appear to be there yet, we’ve seen machines inch closer to that possibility as scientists put them to work and develop new chips and tech. 

For what it’s worth, Nvidia CEO Jensen Huang doesn’t think quantum computers will have much utility for at least another 20 years. 

What “quantum-ready” means in the case of the Trezor Safe 7 is that the device could be upgraded in the future to handle post-quantum cryptography — after blockchains are leveled up to a PQC state. 

Maybe that’s a nice-to-have for those more concerned about the quantum threat, or for those planning to stash their wallet away for decades to come. But it’s far from a guarantee of safety because it would require future user action ahead of the threat.

Not everyone’s as unconcerned about quantum computing as Huang, though. Just this week, Mysten Labs’ chief cryptographer argued in an op-ed that it’s time for the crypto industry to take the quantum threat seriously.

A Deloitte deep dive into quantum computing’s threat to bitcoin from October 2024 concluded: “Presently, about 25% of the bitcoins in circulation are vulnerable to a quantum attack.”

“If you have bitcoins in a vulnerable address and believe that progress in quantum computing is more advanced than publicly known, then you should probably transfer your coins to a new p2pkh address (don’t forget to make a secure backup of your private key),” the Deloitte writers added.

Last week, a quantum company said it’s determined a “quantum-resistant Bitcoin implementation.”

So there’s hope the industry will find more solutions before the threat becomes real.

Opening up the chip

The Safe 7’s Tropic01 chip, which itself was released in February, is not closed source and includes some security features that may appeal to traders and hackers alike. 

The Tropic01 is being referred to as an “open” chip because it is auditable and its developer, Tropic Square, wants third-party security experts to try to white hat attack its chip. 

Trezor has historically kept its source code open-source, as well.

If you’re a developer or security expert and want to test the new chip for yourself, you can request chip samples or a developer kit from the manufacturer. 

“Trust in technology must be earned through a user’s ability to verify what’s beneath the surface,” Tropic Square CEO and co-founder Jan Pleskac said in a statement. 

“TROPIC01 does that by allowing device makers to truly see what’s inside their devices and to continuously adapt to new threats. A line of defence that is impossible under closed, proprietary models.”

Of course, the average person won’t be able to meaningfully test and verify that their Trezor is as safe as the company says it is, but perhaps additional crowd-sourced, third-party verification could help buyers make more informed choices.

In the Safe 7, the Tropic01 chip comes with a feature called MAC&Destroy that’s intended to thwart brute-force attacks before they can happen by “irreversibly limiting PIN attempts and destroying authentication tokens after repeated failures,” a release for the chip explains.

Users will have to regain access to their wallets by restoring via backup if their device is locked due to too many incorrect PIN attempts — so a backup is critical here.

In his talk introducing the wallet, Trezor CEO Matěj Žák explained the issue with using closed-source components: “If we as a company find any vulnerability with that specific chip, we cannot truly talk about it with you, our customers or with anybody else in the industry.”

Trezor CTO Tomas Susanka also shared a story about how they had tested another closed-source chip and found security issues, but claimed the manufacturer had “zero” interest in sharing the flaw publicly or warning its customers. 

In crypto, transparency doesn’t always exist because it’s a double-edged sword. If open manufacturers publish information about their projects’ flaws while closed competitors don’t, some might view the “open” company as inferior even if it’s just not a fair comparison.

Sometimes, being fully transparent opens a company up to more criticism and scrutiny because it’s possible to do so, while those who stay silent might be similarly exposing their customers without that realization becoming public.

Ultimately, transparency is something our industry desperately needs more of, but it might not always seem good for business. 

Part of what makes crypto special is those core ideals of permissionlessness, decentralization and trustlessness. 

These days, I often feel like those have been cast to the wayside in the name of revenue, growth and mass adoption.

But maybe — just maybe — this industry doesn’t have to compromise.

I watched this video so now you have to, too. Volume up if you want to scare your coworkers:

Love The Drop? Take our quick reader survey!