Currencies38189
Market Cap$ 2.28T-0.58%
24h Spot Volume$ 30.28B-16.7%
DominanceBTC56.25%-0.18%ETH9.92%+0.54%
ETH Gas0.17 Gwei
Cryptorank
/

Is using an old iPhone safer than a crypto hardware wallet? ZachXBT thinks so


Is using an old iPhone safer than a crypto hardware wallet? ZachXBT thinks so

Share:

AI Overview

ZachXBT and others argue a dedicated iPhone can rival hardware wallets for crypto security because larger displays, app sandboxing and biometrics can reduce signing ambiguities that have driven major DeFi and exchange breaches. Recent attacks exposed the signing problem — Bybit lost roughly $1.5 billion and Radiant Capital $50 million, while Chainalysis counted about 158,000 wallet compromises in 2025 affecting 80,000 victims and $713 million in losses and a fake Ledger Mac app tied to over $9.5 million stolen. Industry fixes like ERC-7730 clear signing, policy wallets with caps (example: $100,000 daily limits and 24-hour delays), Trail of Bits proposals and Chainalysis' pre-signing checks aim to constrain valid signatures and improve self-custody security, though experts still recommend cold hardware for long-term Bitcoin custody.

Bearish

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

ZachXBT recently argued that a dedicated iPhone offers better security than a hardware wallet, a line of reasoning that already splits crypto's security community.

Both devices are fundamentally signing devices, and the real vulnerability crypto has spent a decade building around lives in what a valid signature gets to do once it exists.

Hardware wallets address the moment when malware might extract a private key directly from an internet-connected computer, providing real and effective isolation.

Crypto's largest recent losses happened at a different point in the same chain, the moment a user approves what the transaction does.

When the key stays safe and the money moves

Attackers stole roughly $1.5 billion from Bybit by manipulating what the signers saw on their screens, collecting legitimate signatures for a transaction the signers believed was routine.

The hardware wallets involved couldn't display enough of the transaction's meaning for anyone to catch the swap before approving it.

Radiant Capital lost roughly $50 million in the same way months earlier, when developers using hardware wallets signed a malicious transaction during a workflow that looked completely normal on their screens.

The key can stay safe while the money still moves
A five-step flowchart traces how manipulated interfaces produced valid signatures in the Bybit ($1.5B) and Radiant Capital ($50M) thefts.

In both cases, the failure sat in what those signatures authorized.

Chainalysis counted roughly 158,000 individual wallet compromises in 2025, affecting 80,000 victims and totaling $713 million in losses, a mix of attack types spanning far more than any single device category.

The scale is still wide enough to show that key isolation covers only part of the self-custody problem.

Where the iPhone argument gets complicated

A dedicated iPhone brings a hardened operating system, app sandboxing, biometric locks, and a screen large enough to show more than a hardware wallet's tiny display.

It can also operate completely independently of the email, messaging, and browser extensions running on someone's main device.

A purpose-built hardware wallet still isolates its key through silicon designed for that job. Apple's Secure Enclave signs with NIST P-256 keys, while Bitcoin and Ethereum use a separate standard, secp256k1.

That gap means a typical BTC or ETH wallet app tends to use the Secure Enclave to guard access to encrypted wallet material, with the blockchain signature generated elsewhere in the software stack, depending on how each wallet built it.

Apple's review process still lets bad wallet software through occasionally. A fake Ledger application that made it past the Mac App Store's review connects to over $9.5 million in thefts from over 50 victims in April 2026 on Mac, as ZachXBT found.

Security model What it protects well Where it still fails Best use case
Hardware wallet Keeps private keys isolated from internet-connected computers Small screens and limited transaction context can make complex signing hard to verify Cold storage, simple transfers, long-term Bitcoin custody
Dedicated iPhone Cleaner environment, strong OS sandboxing, biometrics, larger display Wallet implementation matters; bad apps and software compromise remain possible Active wallet with limited funds and readable transaction flows
Clear signing Makes contract calls easier to understand before approval Still depends on the user noticing danger and refusing DeFi, token approvals, complex smart-contract interactions
Policy wallet Limits what valid signatures can authorize Adds smart-contract and governance complexity Treasuries, protocol multisigs, high-value active wallets
Vault + operating wallet split Separates large balances from daily activity Requires discipline and setup complexity Serious self-custody with capped active risk

Clear signing fixes the display problem

The industry's current answer is ERC-7730, which lets protocols supply machine-readable instructions that translate a raw contract call into plain language, replacing an opaque hash with the assets, permissions, and intent behind a transaction.

Ledger helped build the standard and has now handed its governance to the Ethereum Foundation, aiming to make it a standard the whole wallet industry shares.

Trail of Bits has proposed extending the fix to a second stage, building restrictions directly into smart contract wallets so that a captured or mistaken signature moves only what the wallet's own rules allow.

The proposed toolkit includes daily spending limits, allowlisted destinations, withdrawal delays on large transfers, separate keys for everyday spending versus policy changes, and an emergency window to cancel a transaction before it finalizes.

Chainalysis's Hexagate product pushes the same idea for organizations, running pre-signing simulations that flag transactions against a company's own policy before anyone signs.

A policy wallet that caps daily transfers at $100,000 to approved addresses reduces failures, and adding a 24-hour delay to anything above that cap can bring the realistic loss close to zero if the attempt is caught in time.

This still leaves real gaps, and Bitcoin security specialist Jameson Lopp continues to recommend dedicated hardware for cold storage, since pulling a key off any internet-connected device closes off a huge range of remote attacks.

For straightforward Bitcoin storage with occasional transfers, that threat model stays about as clean as security gets.

Cold storage and active transaction signing have become two different problems now, each needing its own answer.

The next crypto wallet model: constrained authority
A flowchart contrasts an unrestricted-key model, where a valid signature risks the full balance, with a policy wallet checking amount, destination, and delay.

Constrained keys meet real attackers

If policy-enforcing wallets become standard for serious balances, smart accounts, spending caps, and pre-signing checks turn a valid signature into something short of unlimited authority.

Self-custody is looking like a programmable risk system, with theft capped by deliberate design.
If attackers adapt their phishing, fake apps, and social-engineering flows to the new interfaces, users end up approving clearer, better-labeled transactions that are still dangerous.

That outcome would prove that showing people more information solves less than restricting what a valid key can do.

Pure self-custody meant a valid key could move everything on command. The wallets built next may trade some of that instant control for a way to contain a mistake before it becomes a total loss.

The post Is using an old iPhone safer than a crypto hardware wallet? ZachXBT thinks so appeared first on CryptoSlate.

Read the article at CryptoSlate

In This News

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

In This News

Predictions Markets

See what traders are focused on

View analytics →
Prediction Banner

Share:

Read More

US turns stablecoin issuer Tether into a financial weapon against Iran, freezing nearly $500 million

US turns stablecoin issuer Tether into a financial weapon against Iran, freezing nearly $500 million

US authorities have used Tether’s control over its dollar-linked stablecoin to freeze...
Is a Bitcoin whale from 2018 about to cash in after awakening to transfer $188 million?

Is a Bitcoin whale from 2018 about to cash in after awakening to transfer $188 million?

The 2,931 BTC balance moved twice and still sits in an unlabeled second-hop address w...