Loading prices…
STKR NewsSTKR News0 of 3 free this month
Markets

Trezor exec pushes back on ZachXBT claim that hardware wallets are ‘complete garbage’

Hardware wallets are facing a reputation crisis after ZachXBT called them garbage. I break down why the trust gap is growing and what builders need to do next.

Originally on The Block
AB

Adrian Boysel

Contributor

Jul 17, 2026

5 min read

Photo illustration / STKR News

The Trust Anchor is Dragging

In the crypto world, we’ve spent years telling everyone that if it isn’t your keys, it isn’t your coins. The hardware wallet was supposed to be the final word in that argument. You buy a plastic rectangle, you write down some words, and you sleep soundly knowing your digital assets are physically isolated from the chaos of the internet. But the narrative is shifting, and not in the direction most manufacturers would like.

Recently, the on-chain sleuth known as ZachXBT—someone who spends more time looking at stolen funds than almost anyone else in this space—called hardware wallets complete garbage. He specifically advised against using them for critical tasks like signing transactions or long-term storage. When someone with that kind of track record throws stones, the industry needs to stop and look at the glass house we’ve built.

Trezor executives have stepped up to defend the category, arguing that hardware remains the gold standard for personal security. But this isn't just a PR spat between a security researcher and a product lead. It’s a fundamental disagreement about what security actually means in a world where phishing attacks and social engineering have become more sophisticated than the underlying smart contracts.

The Argument Against the Box

ZachXBT’s skepticism doesn’t come from a place of hating technology. It comes from a place of seeing tech fail people every single day. The problem with a hardware wallet isn't necessarily the chip inside it; it’s the false sense of security it provides to the human holding it. We’ve seen countless instances where a user faithfully plugs in their device, confirms a transaction on a tiny screen they can barely read, and unknowingly signs away their entire balance to a malicious drainer.

For a founder or a builder, the hardware wallet can become a single point of failure. If you believe the device is unhackable, you might be less diligent about the dApps you interact with or the permissions you grant. The device protects the private key, but it doesn't always protect the user from their own bad decisions. This is likely what drives the garbage classification: the gap between what the product promises (total safety) and what the user experiences (getting drained anyway).

The Defense of the Discrete Chip

Trezor’s response is predictable but necessary. They argue that without these devices, the alternative is keeping funds on a hot wallet or a centralized exchange. In their view, hardware wallets provide an essential layer of separation. The key never touches the internet-connected PC, which means a simple keystroke logger or a standard browser exploit can't wipe out a user's life savings.

From a builder's perspective, this is still a strong argument. If you are building a protocol, you don't want your private keys sitting in a text file on a MacBook. You want them in a dedicated environment. The hardware wallet is essentially a specialized computer designed to do one thing and one thing only. Even if the broader security landscape is a mess, having a dedicated physical barrier is objectively better than not having one at all.

The User Experience Trap

The real issue, and why I tend to lean into the skeptical side of this debate, is the UX. Most hardware wallets are still incredibly clunky. They feel like 90s technology trying to secure 21st-century assets. When the interface is difficult to use, people make mistakes. When people make mistakes, they lose money. When they lose money while using your security product, they blame the product.

Hardware wallets provide a false sense of security if the user doesn't understand the transactions they are signing. The hardware is a tool, not a shield.

We are seeing a rise in specialized multi-sig setups and institutional-grade custody solutions for a reason. Founders are realizing that a single Trezor or Ledger in a desk drawer isn't a security plan—it's a prayer. If you're building a startup in this space, relying on a consumer-grade hardware wallet for your treasury is probably a mistake. You need redundancy, you need multisig, and you need a process that doesn't rely on one person's physical device.

What Builders Should Take Away

If you are building the next generation of crypto infrastructure, take note of this controversy. The market is screaming for better security abstractions. We shouldn't be asking users to be security experts who can decode hex data on a two-inch monochrome screen. Here is how I see the path forward:

  • Abstract the Complexity: Smart contract wallets and account abstraction (ERC-4337) are the real future. We need the ability to revoke permissions and set spending limits that don't depend on a physical toggling of a button.
  • Transparency is Mandatory: If you are manufacturing hardware, open source isn't a feature; it's a requirement. Users need to know exactly what is happening inside the black box.
  • Layered Security: Stop treating the hardware wallet as the final boss of security. It’s just one layer in a stack that should include multi-party computation (MPC) and social recovery.

Reframing the Value Proposition

Hardware wallets aren't garbage in the sense that they are useless. They are highly effective at what they were designed to do: keeping a private key off a networked machine. However, they are failing to address the modern threats of the industry. The threat isn't someone stealing your seed phrase from your trash; the threat is you being tricked into signing a malicious signature.

As builders, we have to stop selling the lie that one piece of hardware makes you safe. We need to build systems that assume the user might make a mistake. The pushback from ZachXBT is a wake-up call for the industry to move beyond the plastic dongle and start building real, resilient security frameworks.

In my view, the hardware wallet remains a tool for the hobbyist and a component for the professional, but it is no longer the comprehensive solution. If you want to protect your project and your users, look toward multi-sig and programmable security. The era of the single-device hero is over.


Read the original at The Block →

The Brief

Stay Updated on Cutting-Edge Tech

A six-minute morning dispatch on the markets and the technology shaping them.

Free. No spam. Unsubscribe anytime.

Write for STKR

Become a Contributor

Earn $STKR for published stories on markets, protocols, and culture.

  • Earn $STKR for every published piece
  • Editorial support from the STKR desk
  • Byline visibility across the network
  • First look at the upcoming creator program
Apply to Write

Keep reading

All stories

Comments

24 reader responses