ZachXBT Calls Hardware Wallets ‘Garbage’ and Recommends Dedicated iPhone

Ledger



Blockchain investigator ZachXBT has advised crypto users against relying on hardware wallets for storing significant funds or signing transactions, arguing that a dedicated iPhone provides a more reliable self-custody setup.

“All hardware wallets are complete garbage,” ZachXBT wrote in a Telegram post, describing the view as a “hot take.” He recommended keeping a separate iPhone whose only purpose is operating as a crypto wallet, limiting its exposure to unrelated applications and everyday browsing.

The recommendation challenges the dominant cold-storage model, where hardware devices keep private keys away from internet-connected computers and require physical confirmation before signing. ZachXBT did not identify a new hardware vulnerability or claim that every device shares the same technical weaknesses.

His criticism focused heavily on Ledger and the software surrounding its devices rather than a demonstrated break of secure-element hardware.

Ledger Live Updates Draw Sharp Criticism

ZachXBT called Ledger the worst hardware-wallet provider and criticized Ledger Live, now branded Ledger Wallet, for receiving regular interface and application updates that he said can disrupt basic actions.

Ledger’s official release history includes frequent security improvements, interface changes, integrations and bug fixes. Its open-source GitHub repository also records continuing modifications across device connections, analytics, onboarding, asset support and portfolio features.

Frequent software releases can patch vulnerabilities and add asset support, but they also expand the operational layer between the hardware device and the transaction being signed. Wallet users still depend on the companion application to construct transactions, display asset information and connect with decentralized applications.

ZachXBT previously challenged Ledger’s “free from compromise” marketing, pointing to the company’s 2020 customer-data breach, the 2023 Connect Kit supply-chain exploit and a 2026 incident involving order data held by e-commerce partner Global-e.

Those incidents did not expose recovery phrases stored inside Ledger devices. They affected customer information, third-party infrastructure and decentralized application connections, creating phishing and malicious-signing risks outside the secure element.

Dedicated Phone Setup Carries Different Risks

A dedicated iPhone can reduce exposure when it is isolated from email, social media, unknown applications and routine web activity. It remains an internet-connected general-purpose device, leaving its security dependent on the operating system, installed wallet software, backups, account recovery settings and the user’s signing behavior.

Hardware wallets also cannot protect users who approve malicious transactions or enter recovery phrases into compromised software. A musician lost nearly 6 BTC after a fake Ledger application appeared in Apple’s App Store and requested his 24-word recovery phrase.

Ledger’s security guidance instructs users to enter recovery phrases only on the physical device during setup or restoration. The company also recommends verifying transaction details on the hardware screen rather than relying exclusively on information displayed by the connected phone or computer.



Source link

Coinmama

Be the first to comment

Leave a Reply

Your email address will not be published.


*