A heated debate erupted in the cryptocurrency community this week as prominent on-chain investigator ZachXBT publicly dismissed hardware wallets as “complete garbage,” urging users to opt for dedicated iPhones instead. Danny Sanders, Chief Commercial Officer for hardware wallet manufacturer Trezor, swiftly pushed back against these assertions on July 16, 2026.
Sanders defended the foundational security principles of hardware wallets, arguing that ZachXBT’s sweeping criticism oversimplified a complex issue of self-custody and threat models. The exchange highlights a persistent tension between perceived ease-of-use and robust, multi-layered security protocols in the digital asset space.
The core of the hardware wallet security debate
ZachXBT, known for his detailed investigations into crypto scams and exploits, didn’t mince words in a recent Telegram post. He stated unequivocally, “All hardware wallets are complete garbage and I do not advise using them for important tasks like signing transactions or storing funds.” He suggested users instead dedicate a separate iPhone solely for crypto operations.
His critique extended specifically to Ledger, a major competitor, which he branded “the worst” for frequent, disruptive software and firmware updates. These updates, ZachXBT claimed, often “break simple actions” for users attempting to manage their digital assets, creating frustration and potential vulnerabilities.
ZachXBT’s hardline stance on crypto storage
ZachXBT’s stance isn’t merely theoretical; it stems from a landscape riddled with high-profile thefts and security breaches. He pointed to recent large-scale losses, many attributed to social engineering rather than direct device compromise, as evidence of hardware wallets’ perceived shortcomings.
For example, a fraudulent Ledger Live clone on the App Store reportedly led to $9.5 million being drained in April, including 5.92 Bitcoin from musician G. Love. In January, another victim lost over $282 million in Bitcoin and Litecoin due to a social-engineering scam involving a hardware wallet.
Trezor’s defense and nuanced security perspective
Sanders acknowledged the frustrations some users face, particularly with updates that can disrupt urgent, high-value transactions. “I actually get it, and I agree that we have clunky solutions out there,” he admitted during an interview on The Block’s The Starting Block. He recognized the difficulty in balancing security with usability.
However, Sanders argued that ZachXBT’s broad generalization missed critical distinctions. He explained that hardware wallets are not a one-size-fits-all solution, especially for sophisticated users managing significant sums who require more complex setups. But this doesn’t equate to them being “garbage.”
Beyond simple security: Understanding different threat models
The debate ultimately boils down to differing philosophies on threat modeling. ZachXBT implicitly suggests that the attack surface of a general-purpose smartphone, when isolated for crypto, is smaller or more manageable than that of a hardware wallet, especially given the ecosystem around them.
Sanders, however, presented a direct counter-argument. He emphasized that even a dedicated iPhone, despite being stripped down, remains a “general-purpose device with too many doors.” Features like Wi-Fi, Bluetooth, iMessage, and cellular connectivity inherently introduce more “attack factors” than purpose-built hardware wallets.
iPhone vs. hardware wallet: a deeper look
The core of the hardware wallet’s advantage, Sanders noted, lies in its role as an “independent second screen.” This feature allows users to visually verify transaction details directly on the device before signing, preventing compromises if a connected phone or computer is infected with malware.
Generating seed words on an iPhone, even a dedicated one, also introduces risks such as iCloud backups and clipboard leaks. These are vulnerabilities that hardware wallets, designed for offline key generation and storage, largely mitigate, offering a crucial layer of protection.
The role of user error and social engineering
Many of the high-profile losses cited by ZachXBT and others often stem from user errors or sophisticated social engineering tactics. These exploits trick users into compromising their keys or seed phrases, typically through phishing attacks or fake applications, rather than directly breaching the hardware wallet itself.
The $9.5 million Ledger Live clone incident perfectly illustrates this. Users were fooled into entering their recovery phrases into a malicious application, bypassing the physical security of their hardware wallets entirely. This distinction is crucial when evaluating the actual security of the devices.
The evolving landscape of crypto self-custody solutions
The discussion around hardware wallets has drawn in other key figures. Roman Storm, co-founder of Tornado Cash, sided partially with ZachXBT. He highlighted the lack of mobile wallets supporting BIP39 passphrases as a significant gap in current self-custody options.
BIP39 passphrases add an extra layer of security, allowing users to protect funds even if their physical seed phrase backup is compromised. Storm called on mobile wallet developers to prioritize this feature, alongside air-gapped transaction signing, which would enable users to sign transactions without any network connection.
Roman Storm’s call for enhanced mobile features
Storm’s intervention underscores a broader industry push for more robust, yet still user-friendly, mobile self-custody tools. While a dedicated iPhone might offer some isolation, it lacks the specialized cryptographic capabilities and independent verification screens found in hardware devices.
The focus on BIP39 passphrases and air-gapped signing suggests a desire to bring cold storage principles to a more accessible, mobile-first environment. This could represent a future iteration of self-custody that blends aspects of both hardware and software solutions.
Industry’s ongoing struggle between usability and ultimate security
This ongoing debate spotlights the crypto industry’s perennial challenge: how to make self-custody secure without making it prohibitively complex. Trezor’s Sanders aptly described it as building “on the edge of security and usability.” The average crypto holder needs solutions that are both intuitive and resilient against an ever-evolving array of threats.
As the market matures and more individuals take control of their digital assets, the discussion around what constitutes “safe” custody will only intensify. This isn’t just about which device is superior, but about educating users and innovating solutions that match varying levels of technical proficiency and risk tolerance.
The conversation initiated by ZachXBT and Sanders ensures that the industry remains focused on these critical security considerations.
