Onchain investigator ZachXBT has ignited a recent debate over crypto self-custody after declaring that at present’s {hardware} wallets are “full rubbish” and unsuitable for signing necessary transactions or storing important quantities of cryptocurrency. As a substitute of counting on devoted {hardware} units, he argues that skilled customers could also be higher served by utilizing a separate iPhone reserved completely for crypto actions—a advice that challenges one of many trade’s longest-standing safety practices.
The feedback, shared in a current Telegram put up, rapidly unfold throughout the crypto neighborhood, drawing each assist and criticism. Whereas ZachXBT’s remarks mirror his private opinion quite than proof of a brand new vulnerability affecting {hardware} wallets, they arrive as phishing campaigns, pretend pockets purposes, and social engineering assaults proceed to empty hundreds of thousands of {dollars} from crypto holders.

ZachXBT Calls {Hardware} Wallets “Full Rubbish”
ZachXBT Questions the {Hardware} Pockets Mannequin
{Hardware} wallets have lengthy been thought-about the gold normal for self-custody as a result of they hold personal keys remoted from internet-connected units. Firms corresponding to Ledger and Trezor market their merchandise round this core precept, arguing that offline key storage considerably reduces the chance of malware stealing crypto property.
ZachXBT disagrees with that evaluation.
In his Telegram put up, he wrote that he doesn’t suggest {hardware} wallets for “necessary duties like signing transactions or storing funds,” calling each present resolution insufficient. He as an alternative steered utilizing a devoted iPhone configured solely for crypto pockets administration and transaction signing. He added a tongue-in-cheek caveat that customers ought to solely think about the setup if they’re technically competent.
His criticism focuses much less on cryptographic safety and extra on operational reliability. Based on ZachXBT, at present’s {hardware} pockets ecosystem has grow to be more and more advanced, introducing pointless software program updates and companion purposes that may create further friction for customers.
Ledger Receives the Sharpest Criticism
Amongst {hardware} pockets producers, Ledger obtained ZachXBT’s strongest criticism.
He described Ledger as “the worst,” arguing that frequent updates to Ledger’s companion software program unnecessarily modify the interface and purposes whereas sometimes disrupting fundamental pockets capabilities. The criticism seems directed primarily on the software program expertise quite than the safety structure defending customers’ personal keys.
Ledger, in the meantime, continues to place hardware-based signing as one of many most secure strategies for safeguarding digital property. The corporate lately rebranded Ledger Stay as Ledger Pockets and launched model 4.8.0 with interface enhancements, safety enhancements, and bug fixes as a part of its ongoing software program improvement. The corporate maintains that non-public keys by no means go away customers’ units throughout regular operation.
Importantly, ZachXBT didn’t declare that Ledger had suffered a brand new compromise or that its Safe Aspect expertise had been damaged. His argument as an alternative facilities on usability, software program complexity, and the broader ecosystem surrounding {hardware} wallets.


Ledger Pockets Current Replace
Human Error Stays the Weakest Hyperlink
The talk highlights an more and more necessary distinction in crypto safety.
Fashionable {hardware} wallets are typically efficient at defending personal keys from malware operating on computer systems. Nonetheless, they can’t stop customers from voluntarily revealing restoration phrases, approving malicious transactions, or downloading counterfeit software program.
That actuality has grow to be more and more obvious all through 2026.
Earlier this yr, ZachXBT reported {that a} crypto holder misplaced greater than $282 million price of Bitcoin and Litecoin in one of many largest particular person crypto thefts on file. Based on his investigation, the theft resulted from a {hardware} pockets social engineering rip-off quite than a technical compromise of the system itself. The attacker subsequently laundered the funds by a number of prompt exchanges, transformed substantial quantities into Monero, and bridged Bitcoin throughout a number of blockchain networks utilizing Thorchain.
The incident strengthened a rising consensus amongst safety researchers: attackers more and more goal folks quite than cryptography.
Pretend Apps Proceed to Threaten Pockets Customers
{Hardware} pockets house owners have additionally grow to be frequent targets of faux software program designed to impersonate authentic pockets purposes.
In April, a fraudulent Ledger Stay software briefly appeared on Apple’s App Retailer, efficiently deceiving customers into getting into their restoration phrases. The rip-off finally stole no less than $9.5 million in cryptocurrency from greater than 50 victims earlier than Apple eliminated the appliance.
The stolen property included Bitcoin, Ethereum, Solana, Tron, and XRP, illustrating how social engineering stays efficient even when customers personal authentic {hardware} wallets.
The assault didn’t exploit Ledger’s {hardware} itself. As a substitute, victims voluntarily entered their restoration phrases into software program they believed was real, giving attackers full management over their wallets.
Circumstances like these clarify why ZachXBT believes system isolation alone is not sufficient if the encompassing software program ecosystem stays weak to impersonation and phishing.


A pretend Ledger app on the Apple App Retailer drained $9.5 million in crypto (Supply: ZachXBT)
A Totally different Strategy to Self-Custody
ZachXBT’s proposal of utilizing a devoted iPhone represents a special philosophy quite than a universally accepted greatest apply.
A smartphone used completely for crypto—with no social media, messaging, internet searching, or pointless purposes put in—may scale back publicity to sure assault vectors related to on a regular basis system use. Fashionable iPhones additionally incorporate Apple’s Safe Enclave, which offers hardware-backed safety for delicate cryptographic operations.
Nonetheless, safety professionals be aware that smartphones stay internet-connected units and nonetheless depend upon working system integrity, software safety, backup practices, and consumer habits. They don’t seem to be equal to conventional chilly storage.
For many buyers, {hardware} wallets bought immediately from producers and used accurately proceed to supply significant safety in contrast with leaving property on centralized exchanges or normal software program wallets.
In the end, ZachXBT’s feedback mirror rising frustration with how {hardware} wallets are sometimes marketed as full safety options when the best dangers more and more originate exterior the units themselves. Whether or not customers select devoted {hardware} wallets or different self-custody strategies, specialists proceed to emphasise the identical fundamentals: by no means share restoration phrases, confirm software program authenticity, buy units solely by official channels, and stay vigilant in opposition to phishing and social engineering assaults.

