ZachXBT called them "trash for high-value targets." Trezor’s head of communications, Danny Sanders, responded with a defensive, almost apologetic tone: "We acknowledge there are areas where we could improve." That exchange, buried in a Twitter thread, is not a PR spat. It is a diagnostic signal of a much deeper structural problem in the blockchain security stack.
Here is the data: hardware wallets like Trezor have been the gold standard for self-custody for over a decade. Yet a growing chorus of security experts, including ZachXBT and Tornado Cash co-founder Roman Storm, argues that these devices are not only insufficient for sophisticated users but may actually create a dangerous false sense of security.
Let me step back. I’ve been auditing smart contracts since 2017. I personally found the integer overflow in the Parity Wallet multisig that the core team patched within 48 hours. That experience taught me one thing: trust is a variable I solve for, never assume. When I look at the hardware wallet debate, I see a system designed for a threat model that no longer matches reality.
Context: The Self-Custody Narrative and Its Flaws
Hardware wallets occupy a critical niche in the blockchain ecosystem. They are the physical bridge between digital assets and human control. The premise is simple: private keys never leave the device, transactions are verified on a secure display, and the whole package is sealed from internet-borne attacks. This has driven a multi-billion dollar market, with Trezor and Ledger dominating.
But the narrative has shifted. In the DeFi summer of 2020, I deployed $150,000 into a compound strategy using ETH collateral for dToken and sToken yields. I built a Node.js dashboard to monitor liquidation thresholds. The complexity was immense. The same complexity now haunts hardware wallet users who interact with DeFi protocols. The signature you confirm on that tiny screen may authorize a flash loan attack or a drain. The screen shows what it shows, but the user doesn’t see the full logic.

Roman Storm, who faces ongoing legal pressure for building code, pointed out that mobile wallets still lack proper support for BIP39 passphrases and air-gapped signing. That is not a minor oversight. It is a structural deficiency in the entire mobile ecosystem. And hardware wallets, by design, are not nimble enough to fill the gap.
Core: The Mechanical Reality of Hardware Security
Let me break this down into the mechanics, not the marketing.
Attack Surface: A hardware wallet has four exposure points: physical device, firmware, software companion (like Trezor Suite), and the user. The first three are manageable with diligent updates and supply chain checks. The fourth is the wildcard.
Supply Chain Risk: I write from experience. In 2017, I traced function calls through a Python script to find the Parity bug. That was code. Hardware is worse. If a chip is compromised at the factory, no amount of firmware verification guarantees your keys haven’t been exfiltrated. Trezor does have authenticity checks, but they are not foolproof.

User Error: This is where the real damage occurs. ZachXBT’s criticism is not that the hardware can be broken with a laser or a side-channel attack—though both are possible. His argument is that high-value targets often make mistakes: they sign a malicious transaction after a phishing email, or they store the seed phrase in a cloud backup. The hardware wallet does not protect against that. It only protects against remote key extraction, which is the least common attack vector.
Liquidity Reality Check: In 2021, I ran a bot-arbitrage on Bored Apes. I bought five NFTs at $150k average and sold during the FOMO peak for a 300% markup. Then the floor collapsed and I liquidated the rest at a 60% loss. The lesson: liquidity is the oxygen of leverage. Hardware wallets do not provide liquidity. They provide storage. When you need to exit fast, the hardware wallet adds friction—unlocking, connecting, confirming. In a black swan event, that friction can be costly.
During the Terra/UST crash in 2022, I monitored the peg using a custom Rust-based validator node and shorted UST on a DEX, making $85,000. I saw firsthand how complex financial engineering fails under stress. Hardware wallets, as pure storage, are orthogonal to that failure. But they are not immune. If a protocol you interact with has a backdoor, your hardware wallet simply signs the death warrant.
Contrarian: The Counter-Intuitive Truth About the Debate
The contrarian angle is not that ZachXBT is wrong. He is right. But his rightness may actually be good for Trezor and for the industry. Here is why:
Pressure Drives Innovation: Trezor’s defensive response signals they are listening. The next generation of hardware wallets will likely support air-gapped signing, multi-sig integration, and better contract verification. That is a direct outcome of this public shaming.
Segmentation: The market is bifurcating. Retail users who hold small amounts and rarely transact are perfectly safe with a hardware wallet. The threat model for them is exchange collapse, not nation-state attacks. For high-value targets—whales, fund managers, developers—the single hardware wallet is insufficient. They need multi-sig setups with hardware components, cold storage for the majority, and a separate, hot wallet for daily use.
The Real Risk is Complacency: The most dangerous thing a hardware wallet does is give you a false sense of security. You think you are safe, so you stop verifying transactions. You stop checking the address on the screen. You relax. That is when the phishing attack works. The debate forces users to reassess their own security posture.
From my own trading history: after the NFT floor collapse, I shifted to delta-neutral hedging using CME futures for volatility premiums. I stopped relying on a single tool. Security is not a feature; it is the foundation. The foundation must be layered.
Takeaway: The Future of Self-Custody
This debate signals a structural shift. The hardware wallet will no longer be marketed as the single solution. Instead, we will see the rise of composable security stacks: hardware + multi-sig + social recovery + air-gapped verification.
I trade the structure, not the story. The structure of this debate tells me that the industry is maturing. The simple narrative of "buy a hardware wallet and you are safe" is dead. What replaces it is more complex, but also more honest.
Here is my forward-looking judgment: within two years, Trezor will release a product line specifically for power users. It will feature native support for BIP-119 (taproot), advanced contract verification, and integration with multi-sig wallets like Safe. The retail line will remain simple, but the messaging will change: "This device protects against remote theft. It does not protect against your mistakes.”
And if you are a high-value target, ask yourself: are you solving for the threat model that actually applies to you? Or are you hiding behind a brand name?
Trust is a variable I solve for, never assume.