cryptocurrency widget, price, heatmap
arrow
Burger icon
cryptocurrency widget, price, heatmap
News/ZachXBT Calls Hardware Wallets “Complete Garbage”

ZachXBT Calls Hardware Wallets “Complete Garbage”

Van Thanh Le

Van Thanh Le

PublishedJul 16 2026

UpdatedJul 16 2026

8 hours ago5 minutes read
Balancing security: Ledger vs Apple

Dedicated iPhones enter the crypto self-custody security debate

TL;DR

  • ZachXBT said hardware wallets are unreliable for critical transactions and singled out Ledger as the worst provider.
  • His criticism concerns signing workflows, software updates and misleading transaction displays, not a newly identified hardware exploit.
  • Security specialists increasingly separate private-key protection from safeguards limiting what an authorized signature can execute.

Trade smarter on Jupiter, Solana’s leading DEX built for fast execution and deep liquidity. 

Swap tokens at competitive rates, route across multiple liquidity sources automatically, and access perpetuals, DCA, and advanced trading tools — all in one place!


Onchain investigator ZachXBT said on July 16, 2026, that hardware wallets are “complete garbage” and recommended using a separate iPhone dedicated to crypto activity for important transactions and large balances. He directed his strongest criticism at Ledger, but no new exploit or compromise of Ledger’s private-key protections was identified. His argument centers instead on whether hardware wallets and their companion software give users enough reliable information to recognize malicious transactions before signing them.

Screenshot 2026-07-16 192217.png

ZachXBT called Ledger “the worst” provider and criticized what he described as “regular updates for UI / apps for no good reason that break simple actions.” His comments challenged the operational reliability of the company’s wallet software and the practical safety of signing transactions through hardware devices. 

Ledger Live has since been renamed Ledger Wallet. Ledger released Ledger Wallet version 4.8.0 on June 11, 2026, with security improvements, interface changes and minor bug fixes. The company continues to promote hardware signing as a way to keep private keys separate from internet-connected computers, addressing the risk that malware could extract credentials directly from a conventional desktop or mobile environment.

Secure keys can still authorize theft

Hardware wallets are designed primarily to stop private keys from leaving a dedicated device. That protection remains valuable, particularly when compared with storing keys directly on an internet-connected computer. However, a hardware wallet can protect a key correctly while still producing a valid signature for a transaction that the user misunderstands, cannot fully inspect or has been deceived into approving.

Both smartphones and hardware wallets ultimately serve as signing devices. The practical security question is therefore not limited to whether malware can steal a private key. It also includes what a valid signature authorizes, how the transaction is presented and whether the device gives the signer enough information to identify a changed destination, excessive permission or malicious contract interaction.

The approximately $1.5 billion Bybit theft demonstrated that distinction. Attackers manipulated what authorized signers saw and collected legitimate signatures for a transaction that appeared routine. The hardware wallets involved could not display enough contextual information for the signers to identify the malicious swap before approval, allowing the attackers to exploit the authorization process without extracting the underlying keys.

Radiant Capital suffered an approximately $50 million loss through a similar mechanism. Developers using hardware wallets signed a malicious transaction during a workflow that appeared normal on their screens. The incident again showed that attackers may be able to bypass strong key isolation by corrupting the interface or transaction information presented to an authorized signer.

Period or incident Affected users or wallets Reported loss Main risk described
2025 wallet compromises tracked by Chainalysis Approximately 158,000 wallets and around 80,000 victims $713 million Multiple attack methods across the self-custody process
January social-engineering incident One crypto holder More than $282 million in Bitcoin and Litecoin Hardware-wallet-related social engineering
April 2026 fraudulent application campaign More than 50 victims within approximately one week More than $9.5 million A fake Ledger application collected recovery phrases

ZachXBT said the attackers behind the January theft quickly moved the stolen assets through several services and converted part of the funds into Monero. The loss was not presented as a direct compromise of the hardware wallet. It instead showed how criminals can bypass secure hardware by convincing a victim to disclose sensitive information, reveal recovery credentials or perform actions that transfer control of the assets.

The fraudulent Ledger application copied the company’s branding and appeared to users searching for legitimate wallet software. Victims entered recovery phrases into the application, allowing attackers to take control of wallets containing Bitcoin, EthereumSolanaTron and XRP. Apple later removed the software.

The application’s exact distribution path remains unresolved. It was characterized both as having bypassed Mac App Store review on Mac and as having been listed on Apple’s App Store. Both descriptions indicate that fraudulent wallet software reached users through an Apple-controlled distribution environment despite platform review controls.


We’ve launched the all-new COIN360 Perp DEX, built for traders who move fast!

Trade 130+ assets with up to 100× leverage, enjoy instant order placement and low-slippage swaps, and earn USDC passive yield while climbing the leaderboard. Your trades deserve more than speed — they deserve mastery.


Dedicated phones reduce some risks

ZachXBT’s proposed setup uses an iPhone reserved exclusively for crypto activity rather than a general-purpose phone carrying email, messaging, social media, browser extensions and unrelated applications. Separating the wallet from routine online activity can reduce exposure to malicious links, downloaded files, compromised accounts and everyday software that has no reason to interact with crypto credentials.

A dedicated iPhone can also provide a larger display for transaction information, application sandboxing, biometric access controls and Apple’s hardened operating system. Those features may offer a clearer and more controlled environment for active signing than a small hardware-wallet display, particularly when a transaction involves several assets, permissions or smart-contract operations.

The approach does not make the phone automatically safe. A clean device can still run a fraudulent wallet, synchronize sensitive information through cloud services, expose encrypted wallet material through flawed software or persuade its owner to enter a recovery phrase into a malicious application. The fake Ledger application directly illustrates that limitation.

Apple’s Secure Enclave also does not provide a direct replacement for every hardware-wallet signing function. It signs with NIST P-256 keys, while Bitcoin and Ethereum use the secp256k1 elliptic-curve standard. Depending on a wallet’s implementation, the Secure Enclave may protect access to encrypted wallet material while the blockchain signature is generated elsewhere in the software stack.

That technical distinction means an iPhone should not automatically be treated as equivalent to a dedicated secure element built specifically for cryptocurrency keys. Its protections depend partly on how the wallet developer stores, decrypts and uses the key when preparing a signature.

Purpose-built hardware wallets retain an advantage for private-key isolation. Specialized devices are designed to keep keys separated from general-purpose applications and internet-connected operating systems, making remote extraction more difficult. Bitcoin security specialist Jameson Lopp continues to recommend dedicated hardware for cold storage on that basis.

Cold storage and active signing diverge

Cold storage and active transaction signing increasingly represent separate security problems. Long-term storage prioritizes keeping keys offline, limiting transaction frequency and reducing the number of systems that can access the wallet. Active use requires readable transaction information, dependable software and controls that reduce the consequences of an incorrect approval.

Dedicated hardware remains the cleaner model for long-term Bitcoin custody and simple transfers because it removes private keys from a general-purpose internet-connected device. A dedicated iPhone may be better suited to an active wallet holding a limited balance when the user needs a larger display and regularly interacts with clear transaction flows.

Neither setup fully addresses complex decentralized-finance transactions, token approvals or smart-contract calls. Those interactions require users to understand the contract method, destination, assets involved, spending permission and potential consequences before approving the operation.

Clear signing is one proposed response. It converts raw contract data into understandable transaction descriptions, allowing a wallet to show what assets are moving, what permissions are being granted and what result the contract call is intended to produce.

ERC-7730 is the standardization effort cited for that model. It allows protocols to provide machine-readable instructions that wallets can use to convert opaque hashes or contract calls into plain-language descriptions of transaction intent, affected assets and requested permissions. Ledger helped develop the standard and transferred its governance to the Ethereum Foundation.

Clearer descriptions still depend on the user recognizing suspicious activity and refusing approval. Better wording cannot guarantee that a signer will read the information, understand its implications or reject a malicious request created through urgency, impersonation or a trusted-looking interface.

Wallet policies can limit damage

Trail of Bits has proposed placing enforceable restrictions directly inside smart-contract wallets. The approach would prevent a mistaken, captured or maliciously obtained signature from moving assets beyond limits established by the wallet owner.

Available controls include daily spending limits, allowlisted destinations, delays for large withdrawals, different keys for routine spending and policy changes, and an emergency period during which a suspicious transaction can be canceled. Rather than granting unrestricted authority to any valid signature, the wallet would evaluate the amount, destination, timing and transaction type before allowing execution.

A wallet could, for example, apply a daily transfer cap of $100,000 and permit transfers only to approved addresses. A 24-hour delay for transactions above that cap could allow an unauthorized attempt to be identified and canceled before settlement, reducing the realistic loss close to zero under the described scenario.

Chainalysis’s Hexagate applies a related policy-driven model for organizations. Hexagate can simulate transactions before signing and compare them with internal rules, allowing suspicious or noncompliant actions to be flagged before an authorized person produces the final signature.

Policy controls are particularly relevant to treasuries, protocol multisignature accounts and other high-value wallets that must remain operational. They introduce additional smart-contract, configuration and governance complexity, but they can prevent a single compromised approval from immediately exposing an entire balance.

A vault-and-operating-wallet structure offers a simpler form of containment. Most assets remain in a comparatively inactive vault, while the operating wallet holds only the amount needed for regular transactions. The arrangement does not eliminate phishing or malicious signing, but it limits how much an attacker can access through the active wallet.

The developing security model combines dedicated hardware for deep cold storage, a limited active wallet for routine use, clear transaction displays and enforceable controls over amounts, destinations and timing. ZachXBT’s criticism does not establish that hardware wallets are cryptographically weaker than iPhones. It highlights the separate risk that secure keys can still authorize harmful transactions when users cannot verify what they are signing.

FAQ

Did ZachXBT identify a new Ledger hardware exploit?

No. His criticism focused on software reliability and transaction signing, not a newly disclosed hardware compromise.

Why might someone use a dedicated iPhone?

It separates crypto activity from everyday applications, accounts, browsing and messaging.

Does Apple’s Secure Enclave directly sign Bitcoin transactions?

Not necessarily. Bitcoin uses secp256k1, while the Secure Enclave uses NIST P-256 keys.

What can policy wallets prevent?

They can restrict transfers by amount, destination, timing and transaction type, even after a valid signature.

This article has been refined and enhanced by ChatGPT.

cryptocurrency widget, price, heatmap
v 5.13.11
© 2017 - 2026 COIN360.com. All Rights Reserved.