The cold wallet debate has taken a strange turn. In February 2025, after the $1.5 billion Bybit exploit, on-chain detective ZachXBT casually tweeted: “Stop buying hardware wallets. A clean, offline iPhone is safer.” Tornado Cash developer Roman Storm seconded, adding: “Hardware wallets are overrated. They lack BIP39 passphrase support. A dedicated phone can do everything better.”

Within 48 hours, the crypto security community split into two camps. One hailed the move as long-overdue pragmatism. The other — led by Trezor’s security lead — called it “a recipe for catastrophic user error.” The discussion, published by Protos, has since become a litmus test for how we define “self-custody” in 2025.
As a blockchain engineer who audited Uniswap V2’s invariant logic in 2020 and later simulated Solana’s stake-weighted fee market to quantify centralization vectors, I’ve learned one thing: code executes exactly as written, not as intended. The same principle applies to security setups.
Let’s dissect this proposal. Not as a fanboy, but as a forensic auditor.

Context: The BIP39 Passphrase and The Mobile Wallet Gap
For the uninitiated: BIP39 passphrase is an optional password that, when combined with a 12- or 24-word seed, generates a brand new wallet. Know the seed but not the passphrase? You see an empty wallet. Both seed and passphrase? You access the real funds.
This creates plausible deniability. If border agents force you to unlock your phone, you enter the seed alone — they see a decoy wallet. The real wallet, hidden behind the passphrase, remains invisible.
Most hardware wallets (Trezor, Ledger) support BIP39 passphrases. But most mobile wallets — MetaMask, Trust Wallet, Rainbow — do not. Roman Storm pointed out this exact flaw. He said, “If MetaMask won’t support it, that’s fine. Many phones already can.”
The argument is seductive: reuse an old iPhone, factory reset it, never connect it to the internet, use it solely for signing transactions via camera or NFC. The phone’s Secure Enclave acts as a hardware security module. No separate device needed. No $200 investment.
But is a general-purpose smartphone truly a substitute for a dedicated hardware wallet? The answer lies not in theory, but in the practical risk vectors that theory conveniently ignores.
Core: A Systematic Teardown of the iPhone Wallet Assumption
1. The User Execution Fallacy
ZachXBT’s assumption is that every user can execute “perfect isolation.” He forgets: his threat model is not your threat model. In my 2022 Terra/Luna collapse analysis, I calculated precisely how much capital inflow was required to maintain the peg under stress. The math was clean. The humans were not. People panic. They forget. They plug their phone into a friend’s laptop to charge.
An offline iPhone still needs battery. Over years, the battery degrades. You must recharge it. If you plug it into a compromised USB port (e.g., at a coffee shop), a zero-click exploit can still take over the device. Yes, iOS is hardened — but not air-gapped. The phone must eventually connect to something to receive or send signed transactions. Even via QR code, the signing phone is one malicious link away from compromise if you ever accidentally grant it network access.
Probability does not forgive edge cases.
2. The Zero-Click Attack Surface
Trezor’s security lead explicitly warned: “iPhone has zero-click attack surfaces that we haven’t even discovered yet. Hardware wallets have a much smaller attack surface because they lack a general-purpose OS.”
He’s right. The Secure Enclave is a separate processor, but the iOS kernel is still exposed. If a nation-state actor targets you, a zero-click iMessage exploit can turn your “cold” phone into a hot wallet in seconds. The phone’s baseband processor (cellular modem) is also a known backdoor vector.
A Trezor or Ledger has no Wi-Fi, no cellular radio, no Bluetooth unless explicitly enabled. Its firmware is minimal. That’s not a feature — it’s the entire premise.
3. The BIP39 Passphrase Paradox
Storm’s main complaint is that mobile wallets lack passphrase support. But adding a passphrase introduces a massive user risk: forgetting it. Casa co-founder Jameson Lopp, a security veteran, said: “The amount of people who lose funds due to a forgotten passphrase is staggering. It’s the single biggest cause of permanent loss for advanced users.”
Consider the trade-off: a passphrase protects against physical seizure but introduces a single point of failure. If you lose it, your funds are gone forever. There is no recovery. No backup. The phone’s Secure Enclave cannot help you remember a 30-character random string.
Hardware wallets mitigate this by offering seed phrase recovery with passphrase entry on a separate screen. On a phone, the passphrase must be typed into the same touchscreen that could be running a keylogger via a compromised keyboard app.
Logic is binary; incentives are fractal. The incentive to use a passphrase is high; the incentive to back it up correctly is low.
4. The Apple Dependency Trap
A dedicated iPhone is not truly permissionless. Apple can revoke your Apple ID. If the phone gets lost and requires activation via Apple servers, you lose access. A hardware wallet — especially one with open-source firmware — can be recovered using any BIP39-compatible wallet, regardless of manufacturer.
Hardware wallets don’t depend on any corporation’s servers. Your seed works on any standard wallet. Your iPhone seed only works on an iPhone (or another device running the same app). That’s a lock-in risk.
5. The Scale Mismatch
ZachXBT claims the “mobile wallet” approach is cheaper. But a used old iPhone costs $100–$200 — comparable to a hardware wallet. Yet the hardware wallet comes with a dedicated screen, physical buttons, and a security guarantee that doesn’t rely on the user’s ability to maintain a sterile operating environment.
During my 2023 Solana transaction replay analysis, I simulated 10,000 transactions to prove that stake-weighted scheduling favored whales. The takeaway: structural bias emerges from design choices that look neutral on paper. Similarly, the iPhone wallet design biases toward expert users. For the other 99% of holders, it’s a trap.
Contrarian: What The Bulls Got Right
Despite the above, the debate is not one-sided. ZachXBT and Storm have exposed a real deficiency: the industry’s over-reliance on hardware wallets as a silver bullet.
Hardware wallets have their own attack surface. In 2024, vulnerabilities in Trezor’s bootloader were found. Ledger’s supply chain attack in 2020 compromised its customer database. And for high-net-worth individuals facing physical coercion (e.g., the Hong Kong border policy cited in the original article), a hardware wallet offers no plausible deniability because the device itself screams “I have crypto.”
The iPhone proposal, with BIP39 passphrase, provides exactly that — a decoy wallet. If you’re traveling to jurisdictions where “unlock your phone or go to jail” is a real threat, the ability to present a fake, low-balance wallet is priceless.
Software wallets that support passphrase (like AirGap Vault) are a middle ground. They run on phones but offer offline signing. They don’t require a separate hardware wallet. That’s a real improvement over MetaMask.
So the bulls are right: the mobile ecosystem should support BIP39 passphrase. But they are wrong to claim that an old iPhone is a direct replacement for a hardware wallet.
Takeaway: Accountability, Not Ideology
Security is not about who shouts louder. It’s about structured risk quantification. After auditing Uniswap’s invariant, simulating Solana’s fee market, and dissecting the Terra collapse, I’ve learned that the safest solution is the one that minimizes the product of (1) attacker capability, (2) user error probability, and (3) dependency on centralized third parties.
For 95% of users, a hardware wallet with a properly backed-up seed phrase remains the best baseline. For the 5% who face active state-level adversaries, a properly isolated phone with BIP39 passphrase can be a valuable addition — but only if they have the discipline to maintain cold storage 24/7.
The debate will continue. But let’s stop pretending that a used iPhone is a universal upgrade. It’s a specialized tool for a specialized threat model. And for every ZachXBT who can execute it, there will be a hundred users who lose everything because they forgot their passphrase or plugged into the wrong charger.
Certainty is a luxury; risk is the baseline. Choose accordingly.