Everyone covers ZachXBT Hardware wallet reviews this week are stuck on the same question: which device is more secure, the Ledger or the iPhone.
I think this is completely the wrong question. The one thing no one asks is what happens to that cryptocurrency the day someone no longer needs access to it. ZackXBT Posted on Telegram He doesn’t trust existing hardware wallets to sign important transactions or store large amounts of cryptocurrencies, and recommends a dedicated iPhone instead, a device used only for managing cryptocurrencies. He leveled his sharp criticism at Ledger, arguing that Ledger Live’s constant updates continue to break core functionality without any real benefit to users.
One device, one point of failure
This is what I keep coming back to. A dedicated, cryptocurrency-only iPhone is a clean idea on paper, but it centralizes everything—key storage, transaction signing, and recovery information—on a single physical object that only one person understands how to operate. Hardware wallets, whatever their flaws, are built around a seed phrase model designed specifically for persistence: something that can be codified, secured, and handed over if the original owner is unavailable. The phone-only setup quietly breaks this model. Unless someone documents the exact configuration, tests the recovery process, and shares it with someone they trust, that iPhone becomes a vault that only one person on Earth knows how to open. I think this is a bigger risk than any bug in the Ledger Live update, and almost no one covering this story has mentioned it.
Incidents beyond timing
This debate did not come out of nowhere. The fake Ledger Live app leaked to the App Store in April and drained $9.5 million from victims before it was caught. In January, one person lost $282 million in a hardware wallet social engineering scam, one of the largest single thefts on record. ZachXBT’s argument is not that the hardware itself is broken. The problem is that the surrounding ecosystem, the apps, the impersonation risks, and the phishing surface, keeps failing people over and over again. It was also clear that this was an advanced user directive, not a mass migration plan. I think this warning is more important than it’s given. Advanced users are exactly the people who are most likely to already have a documented recovery plan. Everyone else follows this advice without anyone quietly sharing the same single point of failure I’m describing, just on a different device.
What the security community actually discussed
The reaction was lively, with the most helpful response coming in, as a security-focused user agreed that today’s hardware wallet experience is really bad, with regular UI updates and software changes breaking core functionality often enough to make the whole experience frustrating.
They mention leaning away from Ledger toward Tresor for this reason, while acknowledging that Tresor isn’t perfect either. What caught my attention most was their perspective on what a hardware wallet actually protects beyond offline storage: the ability to ensure that what you log on an online device exactly matches what appears on the wallet’s own screen. This verification step is the part that the single-device setup completely abandons, and I think it deserves more attention than the brand-versus-brand argument that has dominated most of this week’s coverage.
Planning for recovery is something most people skip altogether
If someone follows ZachXBT’s advice, recommending an iPhone instead of Android makes sense given Android’s more fragmented security landscape. Storing backups of seed statements offline, rather than as screenshots located on the same device used for transactions, remains essential no matter what setup someone chooses. But none of this addresses the harder question. Where is the backup for this seed statement actually located? Who knows it exists. What happens if the phone is lost, damaged, or its owner is unavailable for a long time. Using a separate, dedicated device for trading is… A strong security habit on its own, Committing to it puts someone ahead of most cryptocurrency holders. It is not a substitute for a documented plan beyond the ability of the original owner to operate this equipment personally.
Mobile verification gap
There’s a smaller but related point worth noting: Smaller mobile interfaces often display less information during a transaction than a desktop screen, making it easier to miss a phishing site or a mismatched address. The laptop setup tends to provide more context while signing, although mobile remains the default for most people day in and day out. This gap exacerbates the single-point-of-failure problem, since the phone-only setup now carries both custody risks and reduced visibility risks simultaneously.
Why does this debate need a harder question?
ZachXBT’s advice makes sense for the security researcher who understands exactly where his keys are and how to recover them. It makes much less sense to someone who hasn’t also written a recovery plan, tested it, and shared it with someone they trust. The real question this debate should have raised is not which devices are more secure today. This is what happens to that money the day you no longer need access to it. This is the part of self-custodial culture that hasn’t been solved yet, and I think it deserves as much attention as any hardware wallet brand that’s currently out of favor.
Disclosure: This is not trading or investment advice. Always do your research before purchasing any cryptocurrency or investing in any services.
Follow us on Twitter @themerklehash To stay up to date on the latest Crypto, NFT, AI, Cybersecurity, and Metaverse news!




