Hi!
Do you mean any recent one? If so, I have not seen it. Could you link it here?
In case you mean Nitrokey Start, the read-out protection for this chip turned out to be faulty, and could be overcomed, allowing to read out the flash. However its content is encrypted. To decrypt the data attacker has to run the brute-force attack, hence it is important to have it long enough. For sufficiently long PIN the attack is not feasible to execute.
Here are more details about this: Key generation with Nitrokey Start on Debian buster fails / RSA4096
Announcement for the Nitrokey Start: Breaking the STM32F1 Read-Out Protection