Trezor defends hardware wallets amid ZachXBT security critique
Trezor's chief commercial officer has pushed back against claims that hardware wallets are useless, highlighting a core industry tension between crypto security and usability.
Blockchain investigator ZachXBT sparked the debate earlier this week by declaring on Telegram that "all hardware wallets are complete garbage, and I do not advise using them for important tasks like signing transactions or storing funds." He advised users to abandon the dedicated devices and instead use a separate iPhone exclusively for storing funds and signing transactions.
Danny Sanders, chief commercial officer of hardware wallet maker Trezor, publicly countered the assertion on Friday. While acknowledging the frustration, Sanders conceded that the industry struggles to balance security with usability. "I actually get it, and I agree that we have clunky solutions out there," he said, noting that firmware updates frequently disrupt urgent, high-value transactions.
Sanders argued that the critique generalized a problem primarily affecting sophisticated users managing massive sums. He warned that relying on a smartphone introduces significant vulnerabilities compared to dedicated hardware. "You have Wi-Fi and Bluetooth and iMessage and cellular," Sanders said. "Even generating your keys on a wallet on your iPhone is more risky than with a hardware wallet."
For retail and institutional investors managing their own digital assets, self-custody remains one of the most critical operational risks in the sector. Hardware wallets are specifically engineered to keep private keys isolated from internet-connected machines, offering a dedicated screen to verify transaction details before authorizing any transfers. Sanders maintained that for the average crypto holder, these devices remain the "strongest form of self-custody" currently available.
Roman Storm, co-founder of privacy protocol Tornado Cash, aligned more closely with ZachXBT's underlying premise. Storm argued that the real bottleneck is not hardware limitations, but a lack of advanced security features in mobile software applications. "ZachXBT’s got the right idea," Storm wrote. "There’s just nothing on mobile to actually do it with."
He specifically urged mobile wallet developers to implement BIP39 passphrases, which add an extra layer of protection to seed phrase backups. Storm also called for the adoption of air-gapped transaction signing, allowing users to authorize transfers without connecting to a network.