July 16, 2026 ChainGPT

ZachXBT Calls Hardware Wallets 'Garbage', Slams Ledger and Urges Dedicated iPhone

ZachXBT Calls Hardware Wallets 'Garbage', Slams Ledger and Urges Dedicated iPhone
“Hardware wallets are garbage,” onchain sleuth ZachXBT declared this week — and he saved his sharpest criticism for Ledger. In a terse Telegram post, the well-known investigator dismissed current hardware wallets as unsuitable for signing “critical transactions” or holding large sums. ZachXBT called Ledger “the worst,” accusing the company’s desktop software of frequent, unnecessary updates that “break simple actions.” Rather than a hardware device, he recommended using a dedicated iPhone solely for managing crypto assets. ZachXBT’s comments are his personal assessment; he did not present evidence of a new security breach or that Ledger’s private-key protections have been compromised. Still, his critique lands amid ongoing concerns about user-targeted attacks that bypass a device’s underlying cryptography. Ledger’s response and product changes Ledger has rebranded its desktop app from Ledger Live to Ledger Wallet. According to the company’s release notes, Ledger Wallet version 4.8.0 — released June 11 — included interface changes, minor bug fixes and security improvements. Ledger continues to promote hardware-based signing as a way to keep private keys isolated from internet-connected devices. Why the debate matters The dispute highlights two competing approaches to self-custody: - Hardware wallets: keep private keys off general-purpose, internet-connected devices. Their security model relies on isolated signing and tamper-resistant hardware. - Device separation (ZachXBT’s proposal): use a single, air-gapped or dedicated smartphone (he suggested an iPhone) exclusively for crypto to reduce exposure from everyday browsing, messaging and app installs. Neither approach is immune to user-targeted threats. Recent incidents show attackers often exploit social engineering and fake applications rather than breaking a hardware wallet’s cryptographic protections. High-profile attacks targeting users, not chips Last January, a crypto holder lost more than $282 million in Bitcoin and Litecoin after a social engineering scam involving a hardware wallet; attackers rapidly moved funds through multiple services and converted parts into Monero. In April, a fraudulent app impersonating Ledger Live briefly appeared on Apple’s App Store and is reported to have stolen at least $9.5 million from more than 50 victims in a single week. Victims entered recovery phrases into the fake app, allowing attackers to drain assets across multiple chains. Apple later removed the bogus application. What this means for users ZachXBT’s recommended dedicated iPhone would indeed reduce many attack vectors tied to everyday device use. But a smartphone still depends on its operating system, installed apps, backup practices and the user’s security hygiene. Likewise, hardware wallets remain effective only if users avoid entering seed phrases into impostor apps, verify software sources, and follow firmware- and app-update best practices. Ultimately, the debate underscores a simple truth: self-custody security is as much about user practices, app vetting and social engineering awareness as it is about the security design of devices. Whether users favor hardware isolation or strict device separation, vigilance — verified downloads, cautious handling of recovery phrases, and consideration of multisig or other custody strategies — remains essential. Read more AI-generated news on: undefined/news