More

    Is using an old iPhone safer than a crypto hardware wallet? ZachXBT thinks so

    ZachXBT recently argued that a dedicated iPhone offers better security than a hardware wallet, a line of reasoning that already splits crypto’s security community.

    Both devices are fundamentally signing devices, and the real vulnerability crypto has spent a decade building around lives in what a valid signature gets to do once it exists.

    Hardware wallets address the moment when malware might extract a private key directly from an internet-connected computer, providing real and effective isolation.

    Crypto’s largest recent losses occurred at a different point in the same chain: the moment a user approves the transaction.

    When the key stays safe and the money moves

    Attackers stole roughly $1.5 billion from Bybit by manipulating what the signers saw on their screens, collecting legitimate signatures for a transaction the signers believed was routine.

    The hardware wallets involved couldn’t display enough of the transaction’s meaning for anyone to catch the swap before approving it.

    Radiant Capital lost roughly $50 million in the same way months earlier, when developers using hardware wallets signed a malicious transaction during a workflow that looked completely normal on their screens.

    The key can stay safe while the money still movesThe key can stay safe while the money still moves
    A five-step flowchart traces how manipulated interfaces produced valid signatures in the Bybit ($1.5B) and Radiant Capital ($50M) thefts.

    In both cases, the failure sat in what those signatures authorized.

    Chainalysis counted roughly 158,000 individual wallet compromises in 2025, affecting 80,000 victims and totaling $713 million in losses, a mix of attack types spanning far more than any single device category.

    The scale is still wide enough to show that key isolation covers only part of the self-custody problem.

    Where the iPhone argument gets complicated

    A dedicated iPhone brings a hardened operating system, app sandboxing, biometric locks, and a screen large enough to show more than a hardware wallet’s tiny display.

    It can also operate completely independently of the email, messaging, and browser extensions running on someone’s main device.

    A purpose-built hardware wallet still isolates its key through silicon designed for that job. Apple’s Secure Enclave signs with NIST P-256 keys, while Bitcoin and Ethereum use a separate standard, secp256k1.

    That gap means a typical BTC or ETH wallet app tends to use the Secure Enclave to guard access to encrypted wallet material, with the blockchain signature generated elsewhere in the software stack, depending on how each wallet is built.

    Apple’s review process still lets bad wallet software through occasionally. A fake Ledger application that bypassed the Mac App Store’s review was linked to over $9.5 million in thefts from over 50 victims in April 2026 on Mac, as ZachXBT found.

    Security model What it protects well Where it still fails Best use case
    Hardware wallet Keeps private keys isolated from internet-connected computers Small screens and limited transaction context can make complex signing hard to verify Cold storage, simple transfers, long-term Bitcoin custody
    Dedicated iPhone Cleaner environment, strong OS sandboxing, biometrics, larger display Wallet implementation matters; bad apps and software compromise remain possible Active wallet with limited funds and readable transaction flows
    Clear signing Makes contract calls easier to understand before approval Still depends on the user noticing danger and refusing DeFi, token approvals, complex smart-contract interactions
    Policy wallet Limits what valid signatures can authorize Adds smart-contract and governance complexity Treasuries, protocol multisigs, high-value active wallets
    Vault + operating wallet split Separates large balances from daily activity Requires discipline and setup complexity Serious self-custody with capped active risk

    Clear signing fixes the display problem

    The industry’s current answer is ERC-7730, which lets protocols supply machine-readable instructions that translate a raw contract call into plain language, replacing an opaque hash with the assets, permissions, and intent behind a transaction.

    Ledger helped build the standard and has now handed its governance to the Ethereum Foundation, aiming to make it a standard the whole wallet industry shares.

    CryptoSlate Daily Brief

    Daily signals, zero noise.

    Market-moving headlines and context delivered every morning in one tight read.