Trezor just unveiled Safe 7 and set a ship date of November 23, 2025, with the company marketing the device as “quantum ready.”
However, the label refers to the wallet’s ability to verify future firmware and device attestations using post-quantum cryptography once these paths are available, and not to on-chain protections for Bitcoin or Ethereum today.
According to Trezor’s own interpreter quantum readinesspost-quantum upgrades for public networks don’t exist yet, so Safe 7’s design goal is to accept, verify, and execute those updates when they arrive, and to prove the device’s authenticity during that transition.
This step extends the device’s chain of trust, meaning the boot process, attestation passport, and update checks are structured to add post-quantum algorithms later without having to swap out hardware.
A core part of the pitch is controllability at the silicon border.
Safe 7 introduces TROPICAL01a secure chip built so that outside researchers can inspect how it handles secrets like the PIN and the seed, rather than treating the silicon like a sealed black box.
According to Trezor, Safe 7 combines TROPIC01 with a second, certified secure element for layered storage and tamper resistance, which aims to diversify failure modes and reduce exposure at a single point.
The audit posture matters because much of the threat surface for hardware wallets has shifted from network attacks to user endpoints and signature flows, with hardware, firmware, backups and restores creating practical bottlenecks.
Connectivity is another change. Safe 7 adds Bluetooth for phone use, but the link goes through Trezor Host protocolwhich Trezor describes as an open specification that provides encryption, authentication and integrity for host-to-device messages.
The company states that Bluetooth can be turned off and the device can operate in USB-only mode for users who don’t want a wireless interface. This provides a clear operational choice for users who value wire-only signing or who separate devices based on transportation policy.
Safe 7 does not change the way public networks validate transactions today.
Bitcoin and Ethereum continue to rely on ECDSA and Schnorr signatures, and any move to post-quantum or hybrid signature schemes would occur through network-level processes including client code updates, soft or hard fork mechanisms, and broad ecosystem coordination.
According to Trezor documentationThe Safe 7 approach is to ensure that the device can trust and authenticate firmware, attestations, and application updates containing post-quantum algorithms as soon as the networks and client software support them, so that users are not limited by hardware when the migration windows open.
The timing comes in a year when wallet-targeted crime has claimed a larger share of crypto losses. According to Chain analysisBy mid-2025, approximately $2.17 billion had been stolen, which is already more than the total for all of 2024, with a larger portion coming from compromises that hit users’ wallets and keys rather than just protocol-level exploits.
That environment puts pressure on endpoint hardening, including checks on device authenticity and a transparent path for security updates that can be audited by the community.
At the policy level, the world is already moving towards a post-quantum standards era.
The US National Institute of Standards and Technology will finalize the first post-quantum standards in 2024 FIPS-203 for CRYSTALS-Kyber key determination and FIPS 204 and 205 for CRYSTALS-Dilithium and SPHINCS+ signatures.
Outside of crypto, mainstream products have begun to deliver post-quantum protection to billions of users, such as Apple’s adoption of the PQ3 protocol for iMessageillustrating how migration can be staged in production environments with fallbacks and telemetry, long before every participant in the ecosystem switches at once.
This macro background illustrates why a ‘quantum-ready’ wallet is more about readiness than immediate impact.
The useful distinction for everyday users is that Safe 7 prepares the device to trust future post-quantum firmware and prove it is a real Trezor even if attestation moves to post-quantum algorithms, while on-chain transaction formats and consensus rules remain unchanged until networks adopt new cryptography.
In practical terms, this resembles a boot chain and passport that can include new signature suites for boot validation and update authorization, plus a communications layer with authenticated, encrypted sessions via Bluetooth or USB.
For buyers deciding whether to upgrade, the calculation splits along two lines.
Users who want hardware that can verify post-quantum firmware and day-one attestations, and who value a verifiably secure chip over closed silicon, may now prefer Safe 7’s stance.
Users who are happy with a current wallet and plan to revisit it once networks announce actual support for post-quantum or hybrid transactions can reasonably wait, as the main benefit of Safe 7 today is upgrade flexibility rather than immediate changes to the way Bitcoin or Ethereum signatures are generated and validated.
Trezor’s documentation makes it clear that network-level post-quantum updates are not yet available, so expectations should be set accordingly.
A short-term question for security teams is how to deploy Safe 7 within existing policies. The device enables USB workflows only for environments that prohibit wireless interfaces, and it uses an open host protocol for authenticated and encrypted sessions where Bluetooth is allowed.
The dual-element storage model and auditable chip area will be of interest to labs and independent reviewers because more inspection points mean more opportunities to verify that key processing, error detection, and memory isolation behave as documented.
Industry guidance continues to push institutions to plan for post-quantum risks on multi-year timelines. Banks and public sector agencies have called for early migration planning due to the ‘harvest-now, decrypt-later’ risk, where attackers log traffic today to decrypt later once suitable hardware is available, pushing out the planning window even if practical quantum attacks on current public-key schemes are still years away.
For a snapshot of the policy, see Europol’s view that banks should do so prepare now for the risk of quantum computing. For crypto platforms, a plausible path is a phased adoption, starting with hybrid verification in select flows such as withdrawals or custody certificates, followed by broader customer support as standards and libraries stabilize.
In that world, hardware that can verify post-quantum updates without the need to switch devices reduces operational friction during cutover windows.
The key facts that will matter in the coming months are clear.
Safe 7’s product page reflects availability as of November 23, 2025, leaving room for early assessments and wallet-to-wallet comparisons in terms of auditability, connectivity checks, and update discipline. Chainalysis estimates theft at $2.17 billion by mid-year, continuing to focus on device-level protection and recovery hygiene.
NIST’s FIPS set for post-quantum algorithms has been completed, and mainstream vendors have demonstrated the large-scale rollout of phased-back post-quantum protocols.
The common thread for crypto users is that “quantum-ready” means the device can trust a post-quantum update and prove the device’s identity with post-quantum attestation when that software is ready, not that on-chain signatures are any different these days.
| Item | Detail |
|---|---|
| Availability | November 23, 2025 (see the product page) |
| Silicon | TROPICAL01 verifiable secure chip plus a second certified secure element |
| Connectivity | Bluetooth via Trezor host protocolOnly USB mode available |
| Post-quantum reach | Device firmware and attest path ready for post-quantum algorithms, no change in network signatures |
| Context | By mid-2025, $2.17 billion will be stolen Chain analysis, NIST FIPS 203/204/205 approved in 2024 |
