Loading prices…
〽️NEUTRAL

ZachXBT: dedicated iPhone beats hardware wallet for crypto security

The argument reframes the threat: Bybit lost $1.5B and Radiant $50M not because keys leaked, but because valid signatures authorized the wrong thing, a gap ERC-7730 and policy wallets are now trying…

ZachXBT's latest thread argues that a dedicated, hardened iPhone offers stronger real-world crypto security than a hardware wallet, a take that has split the self-custody community. The claim lands as crypto's biggest recent losses keep coming from a different layer of the signing chain than the one hardware wallets were built to protect.

Attackers stole roughly $1.5 billion from Bybit by manipulating what multisig signers saw on their screens, collecting legitimate signatures for a transaction the signers believed was routine. Radiant Capital lost roughly $50 million months earlier when developers using hardware wallets signed a malicious transaction during a workflow that looked completely normal. In both cases the private keys stayed safe; the hardware wallets simply could not display enough of the transaction's meaning for anyone to catch the swap before approval.

Why it matters

Chainalysis counted roughly 158,000 individual wallet compromises in 2025 affecting 80,000 victims and totaling $713 million in losses, a figure that shows key isolation alone covers only part of the self-custody problem. A dedicated iPhone adds a hardened OS, app sandboxing, biometric locks, and a screen large enough to show readable transaction context, while a purpose-built hardware wallet still isolates the key through silicon designed for the job. Apple's Secure Enclave signs with NIST P-256 keys, though, and Bitcoin and Ethereum use secp256k1, so wallet apps typically use the Secure Enclave to guard encrypted wallet material while the blockchain signature is generated elsewhere in the software stack.

The industry's structural answer is ERC-7730, which lets protocols supply machine-readable instructions that translate a raw contract call into plain language before signing. Ledger helped build the standard and has now handed its governance to the Ethereum Foundation. Trail of Bits has proposed extending the fix by building restrictions directly into smart contract wallets, with daily spending limits, allowlisted destinations, withdrawal delays, and a cancel window before a transaction finalizes.

Related tokens
$BTC $ETH

Frequently asked questions

  1. Why does ZachXBT say an old iPhone is safer than a hardware wallet?

    He argues crypto's biggest recent losses came from valid signatures authorizing the wrong transaction, not from keys leaking. A dedicated iPhone offers a hardened OS, app sandboxing, biometrics, and a large enough screen to show readable transaction context that small hardware-wallet displays cannot.

  2. How did attackers steal $1.5 billion from Bybit if the keys stayed safe?

    Attackers manipulated what multisig signers saw on their hardware-wallet screens and collected legitimate signatures for a transaction the signers believed was routine. The hardware wallets involved could not display enough of the transaction's meaning for anyone to catch the swap before approval.

  3. What is ERC-7730 and why does it matter?

    ERC-7730 is a standard that lets protocols supply machine-readable instructions translating a raw contract call into plain language before signing. Ledger helped build it and has now handed governance to the Ethereum Foundation, aiming to make clear signing the norm across wallet software.

  4. What is a policy wallet and how does it limit losses?

    A policy wallet enforces restrictions on what valid signatures can authorize, including daily spending caps, allowlisted destinations, withdrawal delays on large transfers, and a cancel window before a transaction finalizes. A setup capping daily transfers at $100,000 to approved addresses with a 24-hour delay above…

  5. Does Jameson Lopp still recommend hardware wallets for cold storage?

    Yes. Lopp continues to recommend dedicated hardware for cold Bitcoin storage, arguing that pulling the key off any internet-connected device closes off a wide range of remote attacks. The debate now treats cold storage and active transaction signing as two separate problems needing different solutions.

Source attribution
Aggregated from CryptoSlate · Verified · Last refreshed 59m ago
Open original →