One of the crypto industry’s most-followed onchain investigators has dismissed the entire hardware wallet category as unfit for serious self-custody in a post that directly challenges the cold storage orthodoxy the sector has promoted for a decade.
“Hot take: All hardware wallets are complete garbage and I do not advise using them for important tasks like signing transactions or storing funds,” ZachXBT wrote in a Telegram post on Wednesday, which had drawn over 18,000 views within hours. He instead recommended keeping a separate iPhone whose sole purpose is to function as a crypto wallet, adding the caveat that the setup is only suitable for technically competent users.
The investigator reserved his sharpest criticism for Ledger, the French manufacturer that dominates the hardware wallet market, arguing that Ledger Live receives regular UI and app updates “for no good reason” that end up breaking simple actions.
The complaint follows Ledger’s decision last month to rebrand Ledger Live into Ledger Wallet, folding buying, swapping, staking, and yield features into what was once a relatively simple companion app. Critics have long argued that each added integration widens the attack surface and increases the odds of regressions in core signing flows.
Why the Criticism Resonates
The timing is not incidental. Hardware wallets, and Ledger in particular, have spent the first half of 2026 at the center of a string of damaging incidents, most of which exploited the human layer around the device rather than the device itself.
In April, a fraudulent Ledger Live clone on the Apple App Store drained roughly $9.5 million from users, including musician G. Love, who lost his 5.92 BTC retirement fund after entering his seed phrase into the fake application. In January, a single victim lost more than $282 million in Bitcoin and Litecoin in a hardware wallet social engineering scam, one of the largest individual thefts on record.
A March incident saw a trader report 30,000 USDC vanishing from a supposedly air-gapped Ledger setup, while June brought a physical mail phishing campaign impersonating Ledger and exploiting quantum computing fears, likely fueled by customer data exposed in the company’s 2020 e-commerce breach.
The pattern across these cases is consistent. The secure element inside the device rarely fails. What fails is everything around it: the companion software, the app store distribution channel, the leaked customer databases, and users who can be manipulated into typing 24 words into the wrong screen.
The Case for the iPhone Argument
The dedicated iPhone thesis is not as contrarian as it first appears. Modern iPhones store key material inside Apple’s Secure Enclave, a hardware-isolated coprocessor that performs a similar role to the secure chips inside dedicated signing devices.
Combined with aggressive app sandboxing, rapid security patch cycles, and biometric authentication, a factory-fresh iPhone used exclusively for wallet apps arguably presents a smaller and better-maintained attack surface than a hardware wallet paired with a general-purpose laptop running companion software.
There is also a supply chain argument. Hardware wallets ship through e-commerce channels that have already leaked customer names and home addresses, effectively advertising who holds crypto and where they live. A phone purchased anonymously at retail carries no such flag.
The Counterargument
The thesis has real weaknesses, and the investigator’s own case files illustrate them. The fake Ledger app that stole $9.5 million was distributed through Apple’s own App Store, demonstrating that the iOS ecosystem is not immune to the impersonation attacks plaguing hardware wallet users.
A phone is also, by design, an internet-connected device, which places it closer to a hot wallet than true cold storage, however locked down the configuration. And a single-device setup concentrates seed generation, storage, and signing in one piece of hardware, removing the physical confirmation step that hardware wallets impose on outgoing transactions.
Ledger has consistently maintained that its core security model holds so long as users never enter their recovery phrase into any app or website, a position its leadership has repeated after each impersonation incident.
The post is best read not as a literal migration guide but as a shot at an industry whose products are marketed as foolproof while the ecosystem around them keeps failing ordinary users. On that narrower charge, the evidence from the past twelve months is difficult to dismiss.
Also Read: LAB Price Crashes 54% Again as ZachXBT Links $18.3M Token Dump to Team
