ads
bc-game

ZachXBT criticizes hardware cryptocurrency wallets and reignites the debate over self-custody

3 min read
PortalCripto
ZachXBT criticizes hardware cryptocurrency wallets and reignites the debate over self-custody
Source: rc.xyz NFT gallery/Unsplash — ZachXBT criticizes hardware cryptocurrency wallets and reignites the debate over self-custody
Give preference to us on Google
Advertisement

Hardware wallets returned to the center of the debate among cryptocurrency experts after on-chain investigator ZachXBT stated that these devices are not the best option for users who move large amounts. The statement quickly sparked reactions from developers, companies in the sector, and security researchers, reigniting the discussion about best practices for self-custody.

The criticism was initially published on his Telegram channel and presented a forceful position on the use of these devices.

"Hot take: All hardware wallets are complete garbage and I do not recommend using them for important tasks such as signing transactions or storing funds," he wrote.

Afterward, ZachXBT stated that an iPhone dedicated exclusively to wallet management could offer a superior experience to most solutions currently available. The investigator directed criticism especially at Ledger.

"Ledger is the worst and Ledger Live gets regular interface/app updates for no apparent reason, which ends up breaking simple actions," ZachXBT stated.

In another post, this time on X, he explained that users responsible for high-value transactions often face obstacles such as drained batteries, mandatory firmware updates, unexpected changes to app interfaces, and failures on platforms that prevent the signing of multisig operations within the expected timeframe.

The statements quickly resonated among digital security experts. Axel Bitblaze agreed with part of the criticism of hardware wallets, but noted that using only a smartphone also creates a single point of failure, since all assets would depend on a single device and a single seed phrase.

As an alternative, he suggested a 2 of 3 multisig setup, using independent devices to sign transactions. He also recommended storing the seed phrase offline, testing the entire setup in advance before moving large amounts, and keeping wallets intended for daily use separate from those used for long-term investments.

The debate gained another chapter with the participation of Roman Storm, co-founder of Tornado Cash. Although he agreed with the logic presented by ZachXBT, he highlighted that mobile wallets still lack adequate support for BIP39 passphrases, a feature considered important to add an extra layer of protection during self-custody.

Hardware wallet manufacturers also responded to the criticism. Trezor argued that smartphones run full operating systems, expanding the attack surface for attackers. According to the company, dedicated devices keep private keys isolated from internet-connected environments, significantly reducing risks.

Keystone Wallet adopted a middle-ground position. The team acknowledged that ZachXBT "was not wrong" in advocating for an isolated phone, but emphasized that most users tend to achieve a higher level of security by using devices developed exclusively to store cryptocurrencies, since a smartphone requires constant discipline to remain protected.

Ledger did not respond directly to the criticism, but published a message reinforcing its security model.

“A private key that never comes into contact with the internet cannot be targeted by phishing, deepfake, or erased by code injection,” they wrote. “That is the whole premise of hardware.”

Despite this, the debate also highlighted that no method completely eliminates risks. A case recorded at the beginning of this year resulted in the loss of approximately US$ 282 million in Bitcoin and Litecoin after a social engineering scam, demonstrating that human failures continue to be one of the main challenges for those who keep custody of their own cryptocurrencies.

Tags
Advertisement