Prominent onchain investigator ZachXBT has delivered a stinging assessment of crypto self-custody solutions, publicly labeling all hardware wallets as “complete garbage” and singling out Ledger, a market leader, as “the worst.”
His sharp critique, delivered in a Telegram post and widely reported on Thursday, July 16, 2026, challenges long-held industry best practices, following a year marked by significant crypto thefts tied to social engineering and software vulnerabilities.
Revisiting the hardware wallet model
ZachXBT, known for his work in tracing stolen funds, argued that current hardware devices are ill-suited for critical tasks like signing transactions or securely storing substantial amounts of cryptocurrency. Instead, he controversially suggested that technically proficient users might find a dedicated iPhone, used exclusively for crypto activities, a more robust operational setup.
Hardware wallets have traditionally served as the bedrock of secure self-custody, designed to isolate private keys from internet-connected computers. Companies like Ledger and Trezor have built their reputations on this principle, promoting offline key storage as the most effective defense against online malware and hacking attempts.
But ZachXBT contends that this traditional assessment is becoming outdated. He articulated in his Telegram post that he no longer recommends hardware wallets for “important tasks like signing transactions or storing funds.” He considers every existing solution inadequate for today’s complex threat landscape.
His criticism isn’t primarily aimed at the cryptographic strength of these devices. Instead, it targets their operational reliability and the expanding ecosystem around them. ZachXBT believes that the increasing complexity, frequent software updates, and reliance on companion applications inadvertently introduce new points of friction and potential failure for users.
Ledger faces sharp criticism from ZachXBT
Among hardware wallet providers, Ledger, a dominant force in the sector, bore the brunt of ZachXBT’s scorn. He branded the company’s products “the worst,” citing issues with Ledger Live (now rebranded as Ledger Wallet).
His complaints specifically centered on Ledger Live’s frequent updates. He claimed these updates unnecessarily modify user interfaces and applications, often “breaking simple actions.” This commentary points to a frustration with usability and software stability, rather than a direct flaw in Ledger’s core hardware security. Ledger maintains its private keys never leave the device during normal operation.
Ledger’s historical security challenges
ZachXBT’s broader criticism of Ledger also stems from a history of public security and privacy controversies. In 2020, a significant data breach exposed over a million customer email addresses, alongside other personal details like names, phone numbers, and physical addresses.
More recently, the company faced backlash over its optional “Ledger Recover” feature, which allows for the export of encrypted key fragments for wallet restoration. There was also the 2023 Ledger Connect Kit compromise, where malicious code was injected into decentralized applications, affecting users interacting with those platforms.
In 2026, ZachXBT himself warned of a data exposure related to Global-e, an external payment processor used by Ledger. This incident reportedly exposed personal information, though Ledger clarified that private keys or funds were not directly compromised. These cumulative events contribute to the investigator’s skeptical stance on the ecosystem surrounding Ledger products.
The enduring vulnerability of human error
The core of ZachXBT’s argument highlights a crucial distinction in crypto security: while hardware wallets generally protect private keys from computer-based malware, they can’t fully shield users from their own mistakes or the cunning of social engineering. This gap in protection has proven costly for many.
Early this year, a single crypto holder lost more than $282 million in Bitcoin and Litecoin in one of the largest individual thefts ever recorded. ZachXBT’s investigation revealed this massive loss resulted from a sophisticated social engineering scam, not a technical exploit of the hardware wallet itself.
The attacker cleverly manipulated the victim into compromising their own security. The stolen funds, which included approximately 2.05 million LTC and 1,459 BTC, were quickly laundered through various instant exchanges, converted to Monero, and bridged across several blockchain networks using Thorchain. This incident underscores that the human element often remains the weakest link.
The persistent threat of fake applications
Hardware wallet users are increasingly targeted by fraudulent software designed to mimic legitimate applications. These fake apps capitalize on user trust and often appear authentic enough to deceive even cautious individuals.
In April, a counterfeit Ledger Live application briefly appeared on Apple’s App Store, leading to substantial losses. Before its removal, the scam siphoned at least $9.5 million in cryptocurrencies, including Bitcoin, Ethereum, Solana, Tron, and XRP, from over 50 victims.
This particular attack didn’t exploit Ledger’s hardware; instead, victims unknowingly entered their recovery phrases into the malicious software, handing complete control of their assets to the attackers. Such incidents reinforce ZachXBT’s concern that device isolation alone is insufficient if the broader software ecosystem remains vulnerable to impersonation and phishing tactics.
Re-evaluating self-custody strategies
ZachXBT’s controversial suggestion of using a dedicated iPhone for crypto management isn’t a universally accepted recommendation, but it does reflect a shifting perspective on security. An iPhone, rigorously configured without social media, messaging, or other non-essential apps, could reduce exposure to common online attack vectors.
Modern iPhones also incorporate Apple’s Secure Enclave, a hardware-backed security feature for sensitive cryptographic operations. However, security professionals caution that smartphones are still internet-connected devices, relying on operating system integrity and user behavior. They don’t offer the same “cold storage” isolation as traditional hardware wallets.
For the majority of crypto investors, hardware wallets—when acquired directly from official manufacturers and used with proper security hygiene—still offer a significant advantage over leaving funds on centralized exchanges or basic software wallets. They provide a layer of defense against direct malware attacks that a regular smartphone cannot replicate.
Ultimately, ZachXBT’s comments spotlight a growing sentiment that the cryptocurrency industry’s security focus needs to evolve. While devices are important, the primary battleground against theft has shifted towards combating social engineering and addressing vulnerabilities within the broader software and user ecosystem. Investors must prioritize vigilance, verify software authenticity, and meticulously protect their recovery phrases, regardless of their chosen self-custody method.
