Trezor just unveiled Safe 7 and set a Nov. 23, 2025 ship date with the company is marketing the device as “quantum-ready.”
However, the label refers to the wallet’s ability to verify future firmware and device attestation using post-quantum cryptography once those paths are available, not to on-chain protections for Bitcoin or Ethereum today.
The move extends the device chain of trust, meaning the boot process, attestation passport, and update checks are structured to add post-quantum algorithms later without swapping hardware.
According to Trezor, Safe 7 pairs TROPIC01 with a second, certified secure element for layered storage and tamper resistance, which aims to diversify failure modes and reduce single-point exposure.
The audit posture matters because much of the hardware wallet threat surface has shifted from network attacks to user endpoints and signing flows, where hardware, firmware, backups, and recovery procedures create practical choke points.
The company states that Bluetooth can be disabled and the device can operate in USB-only mode for users who do not want a wireless interface. That gives a clear operating choice for users who value cable-only signing or who segregate devices by transport policy.
Bitcoin and Ethereum continue to rely on ECDSA and Schnorr signatures, and any move to post-quantum or hybrid signature schemes would come through network-level processes that include client code updates, soft or hard fork mechanics, and broad ecosystem coordination.
That environment puts pressure on endpoint hardening, including device authenticity checks and a transparent path for security updates that can be scrutinized by the community.
That macro backdrop frames why a “quantum-ready” wallet is about readiness more than immediate impact.
The useful distinction for everyday holders is that Safe 7 prepares the device to trust future post-quantum firmware and to prove it is a genuine Trezor even if attestation moves to post-quantum algorithms, while on-chain transaction formats and consensus rules remain unchanged until networks adopt new cryptography.
In practical terms, this looks like a startup chain and passport that can incorporate new signature suites for boot validation and update authorization, plus a communications layer with authenticated, encrypted sessions over Bluetooth or USB.
Users who want hardware that can verify post-quantum firmware and attestations on day one, and who value an auditable secure chip over closed silicon, may prefer Safe 7’s posture now.
Users who are satisfied with a current wallet and plan to revisit once networks announce actual post-quantum or hybrid transaction support can reasonably wait, since Safe 7’s headline benefit today is upgrade agility rather than immediate changes to how Bitcoin or Ethereum signatures are generated and validated.
Trezor’s documentation is explicit that network-level post-quantum updates are not available yet, so expectations should be set accordingly.
A near-term question for security teams is how to operate Safe 7 within existing policies. The device allows USB-only workflows for environments that ban wireless interfaces, and it uses an open host protocol for authenticated and encrypted sessions where Bluetooth is permitted.
The dual-element storage model and auditable chip surface will be of interest to labs and independent reviewers, since more inspection points mean more opportunities to verify that key handling, fault detection, and memory isolation behave as documented.
Sector guidance continues to push institutions to plan for post-quantum risks on multi-year timelines. Banking and public-sector bodies have called for early migration planning due to harvest-now, decrypt-later risk, where attackers record traffic today in order to decrypt later once capable hardware is available, which moves the planning window forward even if practical quantum attacks on current public-key schemes remain years out.
In that world, hardware that can verify post-quantum updates without a device swap reduces operational friction during cutover windows.
NIST’s FIPS set for post-quantum algorithms is finalized, and mainstream vendors have demonstrated at-scale rollouts of post-quantum protocols with staged fallback.
The throughline for crypto users is that “quantum-ready” means the device can trust a post-quantum update and prove device identity with post-quantum attestation when that software is ready, not that on-chain signatures are different today.
