Onchain investigator ZachXBT criticized hardware wallets as 'complete garbage' and called Ledger the worst among major providers, following a theft on January 10 where a victim lost more than $282 million worth of Bitcoin and Litecoin in a social-engineering scam. The attack involved approximately 2.05 million LTC and 1,459 BTC, with the attacker converting stolen funds into Monero through instant exchanges and using Thorchain to move Bitcoin across networks, according to reports by Wu Blockchain and The Defiant. ZachXBT's statement challenges the common crypto security recommendation to use hardware wallets, arguing that these devices do not protect users from operational security failures, phishing attacks, supply-chain leaks, or social-engineering tactics.
ZachXBT highlighted the January 10 theft after The Defiant reported that a hardware-wallet user lost more than $282 million worth of Bitcoin and Litecoin. The attack involved about 2.05 million LTC and 1,459 BTC. The attacker reportedly converted stolen funds into Monero through instant exchanges and used Thorchain to move Bitcoin across networks. ZachXBT's comments, reported by Wu Blockchain and reshared on X, came after he examined the theft details. The reported attack was described as a social-engineering scam rather than a cryptographic break of a hardware device.
In January, Bit2Me reported that ZachXBT warned of a Ledger-related data exposure involving Global-e, an external payment processor used in Ledger's sales process. The breach exposed personal information such as names, emails, phone numbers and physical addresses. The report noted that users' private keys and funds were not directly compromised. Ledger has faced years of scrutiny over phishing campaigns, counterfeit devices, fake Ledger Live applications and its Ledger Recover feature. The company has repeatedly said its devices are designed to keep private keys secure.
ZachXBT's criticism focuses on operational security gaps rather than device cryptography. Hardware wallets are marketed as safer than software wallets because they keep seed phrases and transaction signing isolated from internet-connected devices. However, ZachXBT argues that hardware devices cannot stop users from entering seed phrases into phishing sites, approving malicious transactions, buying counterfeit devices or becoming targets because their personal data was exposed through vendors or payment processors. Once criminals know that a person purchased a hardware wallet, they can target them with tailored phishing emails, fake support messages, SIM-swap attempts or physical intimidation. For large holders, ZachXBT's assessment suggests that self-custody requires multisignature wallets, separate signing devices, address allowlists, transaction simulation, dedicated offline machines and strict rules against entering seed phrases anywhere except on the device itself.
What did ZachXBT say about hardware wallets? ZachXBT called hardware wallets 'complete garbage' and said he does not advise using them, calling Ledger the worst among major providers, according to social-media posts reported by Wu Blockchain.
How much cryptocurrency was stolen in the January 10 theft ZachXBT referenced? A victim lost more than $282 million worth of Bitcoin and Litecoin in a social-engineering scam on January 10, involving approximately 2.05 million LTC and 1,459 BTC, according to The Defiant's report citing ZachXBT.
What personal information was exposed in the Ledger data breach? The breach through Global-e payment processor exposed names, emails, phone numbers and physical addresses of Ledger customers, though users' private keys and funds were not directly compromised, according to Bit2Me's report on ZachXBT's warning in January.
Related News
Ostium suspends trading due to a suspected oracle attack; estimated losses are about $22 million
Bitcoin OG wallet dormant for 7 years awakens; 2,931 BTC transferred to a new wallet instead of an exchange
Noxa Fi’s official X account was hacked, and multiple users’ wallets have been drained.
Crypto Forensics Recovers $34B as AI Scams Hit $17B in 2025