On May 8, 2025, on-chain investigator ZachXBT dropped a bomb: hardware wallets are 'complete garbage.' His recommendation? A dedicated iPhone. Within hours, the crypto security community split into camps. Trezor CCO Danny Sanders fired back, defending the device class that has secured billions in self-custodied assets. As a trader who has audited smart contracts and executed high-frequency arbitrage on Uniswap V2, I treat this as a threat model problem—not a brand war. Precision in audit prevents chaos in execution. Let me dissect the technical claims, the hidden assumptions, and the real risk that neither side wants to address.
Context: The Battlefield of Self-Custody
Hardware wallets like Trezor and Ledger have been the gold standard for cold storage since 2013. They isolate private keys from internet-connected devices, using secure elements (or less common open-source chips) to sign transactions. ZachXBT, known for exposing crypto fraud, argued that these devices are inherently flawed due to supply chain attacks, firmware vulnerabilities, and physical extraction risks. He pointed to the iPhone's Secure Enclave, Face ID, and locked-down ecosystem as a stronger foundation. Trezor's Sanders countered that hardware wallets undergo rigorous third-party audits and that years of real-world usage prove their viability.
This is not a new debate. The underlying tension: hardware wallets rely on physical isolation but are vulnerable to physical attacks; iPhones rely on software isolation but expose users to digital attack surfaces. Both camps claim superiority, but neither provides a systematic threat model. Based on my experience analyzing Terra's collapse in 2022, I know that emotional decision-making blinds traders to structural risk. Let's apply the same logic here.
Core: Technical Scrutiny of the Arguments
ZachXBT's claim lacks public technical evidence. He did not disclose specific vulnerabilities or attack vectors. However, we can infer his concerns from existing literature. Hardware wallets face at least four attack classes:
- Supply chain attacks: An adversary compromises the device before it reaches the user—e.g., by replacing firmware or installing a malicious chip. This is hard to detect without tamper-evident seals or open-source verification.
- Side-channel attacks: Power analysis, electromagnetic emissions, or timing differences can leak key material. Some models (like Trezor One) lack a secure element, making them more susceptible.
- Physical extraction: Sophisticated attackers can decap the chip and read the flash memory. This requires specialized equipment and physical access, but it is possible.
- Firmware exploits: Bugs in the wallet's code can allow remote attackers to exfiltrate keys if the device is connected to a compromised host.
Dedicated iPhones mitigate some of these by relying on Apple's Secure Enclave (a dedicated hardware key manager) and mandatory code signing. The attack surface shifts from physical to digital: phishing, zero-day iOS exploits, and app-based malware become the primary vectors. To achieve ZachXBT's recommended setup, a user must maintain a second iPhone with no SIM, no iCloud, no third-party apps, and use only encrypted communication channels. This is an operational nightmare.
Bold conclusion: Neither solution is inherently secure. The choice depends on your threat model. For a trader like me, who needs rapid access to order books and decentralized exchanges, a hardware wallet connected to a clean laptop is more practical than maintaining a separate phone. For a long-term hodler storing a life-changing amount, a multi-signature setup with geographically distributed signers—using both hardware wallets and air-gapped phones—is the correct approach.
From a financial standpoint, the cost is also relevant. A Trezor Model T costs roughly $200. A dedicated iPhone 15 Pro is $1,000. For a trader managing a six-figure portfolio, that cost is negligible. For a retail investor, it is a barrier. This raises the question: Is ZachXBT's advice practical for the average user? No. It is tailored for high-net-worth individuals or those under specific threats (e.g., organized crime, state surveillance). The majority of users who lose funds do so because of phishing, poor opsec, or centralized exchange failures—not because their hardware wallet was physically compromised.
Contrarian: The Real Blind Spot
The crypto community focuses on the device itself, but the bigger risk is the human layer. I have seen traders secure their private keys with a hardware wallet, then store the seed phrase in a digital note on their main phone. Or they reuse passwords across exchanges. Or they trust a single point of failure. The ZachXBT vs Trezor debate is a distraction from the fundamental truth: self-custody is a process, not a product.
Consider the 2020 DeFi leverage cycle. I made $150K on Uniswap V2 arbitrage, only to lose 40% in a flash crash because I ignored slippage controls. That was a process failure, not a tool failure. Similarly, the most secure hardware wallet cannot protect you from a SIM swap attack if you use SMS 2FA on your exchange account. The most locked-down iPhone cannot protect you from social engineering that tricks you into loading a malicious dApp.
Furthermore, the debate ignores the institutional perspective. Since the Bitcoin ETF approvals in 2024, I have pivoted to align with institutional flows. Large custodians like Coinbase Custody and Fidelity use multi-party computation (MPC) and hardware security modules (HSMs)—not single hardware wallets. For retail, the migration toward MPC wallets (e.g., ZenGo, Fireblocks' self-custody offering) represents a middle ground: no single point of failure, no dedicated hardware. This trend will likely accelerate, rendering both the hardware wallet and dedicated iPhone arguments obsolete for mass adoption.
Takeaway: Actionable Price Levels for Your Security Budget
The market is sideways, and chop is for positioning. Use this debate to audit your own security stack. Ask yourself three questions: - What is my threat model? (Casual trader vs targeted individual vs corporate entity) - What is my budget for security? (Time, money, operational complexity) - What is my exit plan if my device fails or is compromised?
Based on my 2017 audit experience with Bancor's smart contracts, I learned that code is law—but only if you verify it. Hardware wallets are the same: trust no one, verify everything. Check the bootloader integrity, verify the firmware hashes, never enter your seed phrase into a computer. If you choose the dedicated iPhone route, document every setup step and test recovery. Precision in audit prevents chaos in execution.
Final judgment: ZachXBT's criticism is valid as a thought experiment but dangerous as a blanket statement. Trezor's defense is correct in principle but lacks the nuance to address advanced physical attacks. The real winner? Multi-sig and MPC, which distribute trust and remove single-point-of-failure. As a battle trader, I follow the flow of value—and institutional money flows toward redundancy, not binary choices. The next time you secure your keys, remember: risk management is not about the device. It is about the person holding it.
Precision in audit prevents chaos in execution. That is the only rule that matters.