Loading market data...

Transaction Blindness Cost Crypto Billions in 2026, ZachXBT Pitches Dedicated iPhone Over Hardware Wallets

Transaction Blindness Cost Crypto Billions in 2026, ZachXBT Pitches Dedicated iPhone Over Hardware Wallets

Crypto's biggest hacks this year didn't involve stolen private keys — they happened when attackers tricked users into signing malicious transactions. Bybit lost $1.5 billion. Radiant Capital lost $50 million. Both fell to what security researchers call transaction blindness: signing what looks legitimate but isn't. This week, on-chain sleuth ZachXBT argued that a dedicated iPhone offers better security than a hardware wallet, reigniting a debate over the safest way to store crypto.

The transaction blindness problem

Hardware wallets isolate private keys from internet-connected devices, but they can't stop a user from signing a bad transaction. Attackers manipulate what appears on the screen — a process described in a five-step flowchart — so the signer approves a transfer to the wrong address or a contract that drains funds. The vulnerability isn't in the key; it's in the interface. Bybit and Radiant Capital both lost money this way.

In April 2026, a fake Ledger application on the Mac App Store stole $9.5 million from over 50 victims, according to ZachXBT. That attack exploited trust in a known brand, not a flaw in the hardware itself.

Why a dedicated iPhone?

ZachXBT's argument hinges on Apple's Secure Enclave, which stores NIST P-256 keys. But Bitcoin and Ethereum use secp256k1, so wallet apps often generate signatures in software, not inside the Secure Enclave. That means a dedicated iPhone isn't a perfect solution — it still relies on the app's code. Still, the idea is that a phone used only for crypto, with no other apps or browsing, reduces the attack surface compared to a hardware wallet that connects to a compromised computer.

The tradeoff is clear: hardware wallets protect against remote key extraction, but they don't protect against transaction blindness. A dedicated iPhone shifts the risk but doesn't eliminate it.

New standards and policy wallets

Several projects are trying to fix the signing problem. ERC-7730, a standard developed by Ledger and now governed by the Ethereum Foundation, aims to translate raw contract calls into human-readable language. If a wallet can show you exactly what you're signing — not just a hash — the attack window shrinks.

Trail of Bits proposed adding restrictions into smart contract wallets: spending limits, allowlists, withdrawal delays, and separate keys for spending versus policy changes. Chainalysis's Hexagate product simulates transactions against a policy before signing. These tools treat the approval step as the danger zone, not the key storage.

The scale of wallet compromises

Chainalysis counted roughly 158,000 individual wallet compromises in 2025, affecting 80,000 victims and totaling $713 million in losses. That's just the reported number. Many smaller thefts go unnoticed. The industry is still searching for a standard that balances security with usability — and the debate over hardware wallets versus dedicated phones is part of that search.

For now, the next concrete step is wider adoption of clear-signing standards like ERC-7730. Whether that happens before the next billion-dollar exploit is an open question.