For years, hardware wallets have been the go-to recommendation for anyone serious about self-custody of crypto assets. That presumption took a sharp hit this week after noted onchain investigator ZachXBT bluntly called current hardware wallet models “garbage” and singled out Ledger as the worst offender. In a statement that quickly circulated among security-focused circles, the original report captured ZachXBT’s argument that many hardware devices simply aren’t suitable for signing critical transactions or storing large amounts of capital.
The critique lands at a moment when on-chain asset volumes are climbing fast. Tokenized real-world assets have crossed $20 billion, as this weekly tokenization roundup shows, and the most active blockchains are handling record levels of developer engagement, a topic covered in our latest developer activity list . The idea that the primary tool for securing those assets might be fundamentally broken is more than a niche complaint.
Ledger’s Frequent Updates Under Fire
ZachXBT’s most specific frustration is directed at Ledger, the Paris-based manufacturer that dominates the consumer hardware wallet market. He pointed to Ledger Live updates that repeatedly disrupt basic functionality. A wallet that can’t reliably process a transaction because of a pending firmware update or a broken app version ceases to be a security tool and becomes a liability. When a user has to weigh the risk of a failed transaction against the risk of waiting, the utility of cold storage erodes.
The complaint isn’t unprecedented. Ledger’s user base has long voiced frustration with update cadence and the occasional bricking of devices after a rushed firmware push. For a company that markets security as its core value, any interruption in availability feeds the argument that hardware wallets are overengineered for scenarios that rarely occur while being underprepared for the everyday friction users actually face.
The iPhone Alternative and the Self-Custody Debate
Where things get provocative is ZachXBT’s suggested alternative: a dedicated iPhone used solely for crypto management, kept completely segregated from other apps and everyday use. That’s a significant departure from conventional advice. Most security guidelines label phones as inherently more exposed than a purpose-built hardware device. But ZachXBT’s stance is that modern mobile operating systems have become sufficiently hardened, and that a clean, factory-reset iPhone — never used for browsing, messaging, or installing third-party apps — could be a more reliable signing environment than a hardware wallet that introduces its own supply chain and firmware risk.
The suggestion forces a real conversation about trade-offs. A hardware wallet’s air-gapped design matters only if the firmware it runs can be trusted. If a user can’t audit that firmware, or if updates force breakage at the wrong moment, the theoretical security advantage begins to look thin. An iPhone, on the other hand, benefits from Apple’s Secure Enclave and a well-funded security team patching the OS regularly. The question is whether a user can maintain the discipline required to keep a phone truly dedicated to one task.
What This Means for Custody and Regulation
The timing also intersects with the broader regulatory push around digital asset custody. As banks lobby to reshape major crypto legislation just days before a Senate vote, the security model individuals use to hold private keys becomes a policy question, not just a personal preference. If regulators ultimately mandate certain custody standards, the inadequacy of popular hardware wallets would create a gulf between official guidance and practical reality.
ZachXBT’s criticism does not have to be read as an attack on self-custody itself. It’s a warning that the tools the industry has relied on for nearly a decade haven’t kept pace with the expectations placed on them. Whether hardware wallet makers address the reliability gaps or a new cohort of mobile-first signing solutions takes share, the reputational damage has been dealt. The investigator who normally traces stolen funds has now turned his attention to the very tools people use to protect them — and the review isn’t kind.