Key facts
- Crypto investigator ZachXBT stated that all current hardware wallet solutions are unreliable for high-stakes operations.
- He suggested using a dedicated iPhone as a signing device, stripped down for wallet purposes.
- ZachXBT identified Ledger as the worst offender among hardware wallet providers.
- His criticism comes after a large theft where a hardware wallet user lost over $282 million in Bitcoin and Litecoin.
- The theft was reportedly a social-engineering scam, not a cryptographic break of a hardware device.
Crypto investigator ZachXBT has sharply criticized hardware wallets, deeming them "complete garbage" and unsuitable for storing significant funds or signing transactions. In a series of social media posts, ZachXBT argued that current hardware wallet solutions fall short on security and usability, recommending instead a dedicated iPhone stripped down for wallet use only.
ZachXBT specifically called out Ledger as the worst offender, citing frequent and disruptive updates to its Ledger Live interface that often break basic functionalities. This assessment comes in the wake of a reported large-scale theft where a hardware wallet user lost over $282 million worth of Bitcoin and Litecoin in a social-engineering scam on January 10. The attacker reportedly converted the stolen funds into Monero and used Thorchain to move Bitcoin across networks.
The investigator's critique challenges the common crypto security recommendation of using hardware wallets to keep private keys offline. ZachXBT emphasized that while hardware devices can protect private keys from malware, they do not safeguard users against poor operational security, phishing attempts, counterfeit devices, or social engineering tactics. The debate highlights how crypto self-custody has evolved into a human-security challenge, where users bear responsibility for seed phrase secrecy, address verification, and device authenticity.
Ledger has previously faced scrutiny over data exposure incidents, including a breach involving its payment processor Global-e, which exposed personal information like names and addresses. While users' private keys were not directly compromised, such data exposure can enable targeted phishing attacks and social engineering. ZachXBT's assessment suggests that while genuine hardware wallets used correctly can be safer than exchanges or software wallets, they should be viewed as one layer in a broader custody strategy, not a complete security solution.
