Onchain investigator ZachXBT has ignited a recent debate over crypto self-custody after declaring that in the present day’s {hardware} wallets are “full rubbish” and unsuitable for signing essential transactions or storing vital quantities of cryptocurrency. As an alternative of counting on devoted {hardware} gadgets, he argues that skilled customers could also be higher served by utilizing a separate iPhone reserved completely for crypto actions—a suggestion that challenges one of many trade’s longest-standing safety practices.
The comments, shared in a current Telegram submit, shortly unfold throughout the crypto neighborhood, drawing each assist and criticism. Whereas ZachXBT’s remarks mirror his private opinion fairly than proof of a brand new vulnerability affecting {hardware} wallets, they arrive as phishing campaigns, faux pockets purposes, and social engineering assaults proceed to empty thousands and thousands of {dollars} from crypto holders.

ZachXBT Calls {Hardware} Wallets “Full Rubbish”
ZachXBT Questions the {Hardware} Pockets Mannequin
{Hardware} wallets have lengthy been thought of the gold commonplace for self-custody as a result of they preserve non-public keys remoted from internet-connected gadgets. Firms similar to Ledger and Trezor market their merchandise round this core precept, arguing that offline key storage considerably reduces the chance of malware stealing crypto belongings.
ZachXBT disagrees with that evaluation.
In his Telegram submit, he wrote that he doesn’t advocate {hardware} wallets for “essential duties like signing transactions or storing funds,” calling each present answer insufficient. He as an alternative steered utilizing a devoted iPhone configured solely for crypto pockets administration and transaction signing. He added a tongue-in-cheek caveat that customers ought to solely think about the setup if they’re technically competent.
His criticism focuses much less on cryptographic safety and extra on operational reliability. In keeping with ZachXBT, in the present day’s {hardware} pockets ecosystem has grow to be more and more advanced, introducing pointless software program updates and companion purposes that may create further friction for customers.
Ledger Receives the Sharpest Criticism
Amongst {hardware} pockets producers, Ledger acquired ZachXBT’s strongest criticism.
He described Ledger as “the worst,” arguing that frequent updates to Ledger’s companion software program unnecessarily modify the interface and purposes whereas sometimes disrupting fundamental pockets features. The criticism seems directed primarily on the software program expertise fairly than the safety structure defending customers’ non-public keys.
Ledger, in the meantime, continues to place hardware-based signing as one of many most secure strategies for shielding digital belongings. The corporate lately rebranded Ledger Dwell as Ledger Pockets and launched model 4.8.0 with interface enhancements, safety enhancements, and bug fixes as a part of its ongoing software program improvement. The corporate maintains that non-public keys by no means go away customers’ gadgets throughout regular operation.
Importantly, ZachXBT didn’t declare that Ledger had suffered a brand new compromise or that its Safe Factor expertise had been damaged. His argument as an alternative facilities on usability, software program complexity, and the broader ecosystem surrounding {hardware} wallets.

Ledger Pockets Latest Replace
Human Error Stays the Weakest Hyperlink
The talk highlights an more and more essential distinction in crypto safety.
Trendy {hardware} wallets are typically efficient at defending non-public keys from malware operating on computer systems. Nevertheless, they can’t stop customers from voluntarily revealing restoration phrases, approving malicious transactions, or downloading counterfeit software program.
That actuality has grow to be more and more obvious all through 2026.
Earlier this yr, ZachXBT reported {that a} crypto holder misplaced greater than $282 million price of Bitcoin and Litecoin in one of many largest particular person crypto thefts on report. In keeping with his investigation, the theft resulted from a {hardware} pockets social engineering rip-off fairly than a technical compromise of the system itself. The attacker subsequently laundered the funds by a number of on the spot exchanges, transformed substantial quantities into Monero, and bridged Bitcoin throughout a number of blockchain networks utilizing Thorchain.
The incident bolstered a rising consensus amongst safety researchers: attackers more and more goal individuals fairly than cryptography.
Faux Apps Proceed to Threaten Pockets Customers
{Hardware} pockets house owners have additionally grow to be frequent targets of pretend software program designed to impersonate official pockets purposes.
In April, a fraudulent Ledger Dwell utility briefly appeared on Apple’s App Retailer, efficiently deceiving customers into coming into their restoration phrases. The rip-off finally stole a minimum of $9.5 million in cryptocurrency from greater than 50 victims earlier than Apple eliminated the applying.
The stolen belongings included Bitcoin, Ethereum, Solana, Tron, and XRP, illustrating how social engineering stays efficient even when customers personal official {hardware} wallets.
The assault didn’t exploit Ledger’s {hardware} itself. As an alternative, victims voluntarily entered their restoration phrases into software program they believed was real, giving attackers full management over their wallets.
Circumstances like these clarify why ZachXBT believes system isolation alone is now not sufficient if the encompassing software program ecosystem stays weak to impersonation and phishing.

A faux Ledger app on the Apple App Retailer drained $9.5 million in crypto (Supply: ZachXBT)
A Completely different Method to Self-Custody
ZachXBT’s proposal of utilizing a devoted iPhone represents a distinct philosophy fairly than a universally accepted finest apply.
A smartphone used completely for crypto—with no social media, messaging, internet looking, or pointless purposes put in—might scale back publicity to sure assault vectors related to on a regular basis system use. Trendy iPhones additionally incorporate Apple’s Safe Enclave, which offers hardware-backed safety for delicate cryptographic operations.
Nevertheless, safety professionals word that smartphones stay internet-connected gadgets and nonetheless rely on working system integrity, utility safety, backup practices, and person conduct. They don’t seem to be equal to conventional chilly storage.
For many traders, {hardware} wallets bought instantly from producers and used accurately proceed to offer significant safety in contrast with leaving belongings on centralized exchanges or commonplace software program wallets.
In the end, ZachXBT’s feedback mirror rising frustration with how {hardware} wallets are sometimes marketed as full safety options when the best dangers more and more originate outdoors the gadgets themselves. Whether or not customers select devoted {hardware} wallets or different self-custody strategies, specialists proceed to emphasise the identical fundamentals: by no means share restoration phrases, confirm software program authenticity, buy gadgets solely by official channels, and stay vigilant in opposition to phishing and social engineering assaults.




