Trezor just unveiled Safe 7 and set a Nov. 23, 2025 ship date with the company is marketing the device as “quantum-ready.”
However, the label refers to the wallet’s ability to verify future firmware and device attestation using post-quantum cryptography once those paths are available, not to on-chain protections for Bitcoin or Ethereum today.
According to Trezor’s own explainer on quantum readiness, post-quantum upgrades for public networks do not exist yet, so Safe 7’s design goal is to accept, verify, and run those updates when they arrive, and to prove device authenticity across that transition.
The move extends the device chain of trust, meaning the boot process, attestation passport, and update checks are structured to add post-quantum algorithms later without swapping hardware.
A core part of the pitch is auditability at the silicon boundary.
Safe 7 introduces TROPIC01, a secure chip built so external researchers can inspect how it handles secrets such as the PIN and seed, instead of treating the silicon as a sealed black box.
According to Trezor, Safe 7 pairs TROPIC01 with a second, certified secure element for layered storage and tamper resistance, which aims to diversify failure modes and reduce single-point exposure.
The audit posture matters because much of the hardware wallet threat surface has shifted from network attacks to user endpoints and signing flows, where hardware, firmware, backups, and recovery procedures create practical choke points.
Connectivity is another change. Safe 7 adds Bluetooth for phone use, but the link runs through Trezor Host Protocol, which Trezor describes as an open specification that provides encryption, authentication, and integrity for host-to-device messages.
The company states that Bluetooth can be disabled and the device can operate in USB-only mode for users who do not want a wireless interface. That gives a clear operating choice for users who value cable-only signing or who segregate devices by transport policy.
Safe 7 does not change how public networks validate transactions today.
Bitcoin and Ethereum continue to rely on ECDSA and Schnorr signatures, and any move to post-quantum or hybrid signature schemes would come through network-level processes that include client code updates, soft or hard fork mechanics, and broad ecosystem coordination.
According to Trezor’s documentation, the Safe 7 approach is to ensure the device can trust and verify firmware, attestation, and application updates that incorporate post-quantum algorithms once the networks and client software support them, so that users are not gated by hardware when migration windows open.
The timing lands in a year when wallet-targeted crime has taken a larger share of crypto losses. According to Chainalysis, about $2.17 billion had been stolen by mid-2025, already outpacing the full-year 2024 total, with a higher portion coming from compromises that touch user wallets and keys rather than only protocol-level exploits.
That environment puts pressure on endpoint hardening, including device authenticity checks and a transparent path for security updates that can be scrutinized by the community.
At the policy layer, the world is already moving into a post-quantum standards era.
The U.S. National Institute of Standards and Technology finalized the first post-quantum standards in 2024, including FIPS 203 for CRYSTALS-Kyber key establishment and FIPS 204 and 205 for CRYSTALS-Dilithium and SPHINCS+ signatures.
Outside crypto, mainstream products have begun shipping post-quantum protections to billions of users, such as Apple’s adoption of the PQ3 protocol for iMessage, which illustrates how migration can be staged in production environments with fallbacks and telemetry, long before every ecosystem participant switches at once.
That macro backdrop frames why a “quantum-ready” wallet is about readiness more than immediate impact.
The useful distinction for everyday holders is that Safe 7 prepares the device to trust future post-quantum firmware and to prove it is a genuine Trezor even if attestation moves to post-quantum algorithms, while on-chain transaction formats and consensus rules remain unchanged until networks adopt new cryptography.
In practical terms, this looks like a startup chain and passport that can incorporate new signature suites for boot validation and update authorization, plus a communications layer with authenticated, encrypted sessions over Bluetooth or USB.
For buyers deciding whether to upgrade, the calculus splits along two lines.
Users who want hardware that can verify post-quantum firmware and attestations on day one, and who value an auditable secure chip over closed silicon, may prefer Safe 7’s posture now.
Users who are satisfied with a current wallet and plan to revisit once networks announce actual post-quantum or hybrid transaction support can reasonably wait, since Safe 7’s headline benefit today is upgrade agility rather than immediate changes to how Bitcoin or Ethereum signatures are generated and validated.
Trezor’s documentation is explicit that network-level post-quantum updates are not available yet, so expectations should be set accordingly.
A near-term question for security teams is how to operate Safe 7 within existing policies. The device allows USB-only workflows for environments that ban wireless interfaces, and it uses an open host protocol for authenticated and encrypted sessions where Bluetooth is permitted.
The dual-element storage model and auditable chip surface will be of interest to labs and independent reviewers, since more inspection points mean more opportunities to verify that key handling, fault detection, and memory isolation behave as documented.
Sector guidance continues to push institutions to plan for post-quantum risks on multi-year timelines. Banking and public-sector bodies have called for early migration planning due to harvest-now, decrypt-later risk, where attackers record traffic today in order to decrypt later once capable hardware is available, which moves the planning window forward even if practical quantum attacks on current public-key schemes remain years out.
For a policy snapshot, see the Europol-affiliated view that banks should prepare for quantum computer risk now. For crypto platforms, a plausible path is staged adoption that starts with hybrid verification in selected flows such as withdrawals or custody attestations, followed by broader client support once standards and libraries stabilize.
In that world, hardware that can verify post-quantum updates without a device swap reduces operational friction during cutover windows.
Key facts that matter for the next few months are straightforward.
Safe 7’s product page lists availability on Nov. 23, 2025, creating a window for early reviews and wallet-to-wallet comparisons on auditability, connectivity controls, and update discipline. Chainalysis pegs mid-year theft at $2.17 billion, which keeps attention on device-level protections and recovery hygiene.
NIST’s FIPS set for post-quantum algorithms is finalized, and mainstream vendors have demonstrated at-scale rollouts of post-quantum protocols with staged fallback.
The throughline for crypto users is that “quantum-ready” means the device can trust a post-quantum update and prove device identity with post-quantum attestation when that software is ready, not that on-chain signatures are different today.
| Item | Detail |
|---|---|
| Availability | Nov. 23, 2025 (see the product page) |
| Silicon | TROPIC01 auditable secure chip plus a second certified secure element |
| Connectivity | Bluetooth via Trezor Host Protocol, USB-only mode available |
| Post-quantum scope | Device firmware and attestation path ready for post-quantum algorithms, no change to network signatures |
| Context | 2.17 billion dollars stolen by mid-2025 per Chainalysis, NIST FIPS 203/204/205 approved in 2024 |