On-chain investigator ZachXBT posted this week that an old iPhone — wiped and kept offline — is a better crypto storage device than any hardware wallet. The statement, made on social media, reignited an old argument about the trade-offs between convenience and security in self-custody. Roman Storm, the Tornado Cash developer awaiting retrial, agreed with the premise but pointed out a critical gap: no mobile wallet supports BIP39 passphrases, the extra word that can hide a wallet's real funds behind a decoy.
The case for an offline phone
ZachXBT's logic is straightforward: a dedicated, never-online phone can't be phished or remotely exploited if it's never connected to the internet. He argued that the attack surface of a hardware wallet's USB or Bluetooth connection is larger than a properly air-gapped device. Trail of Bits research backs the principle of capping losses when keys leak — but only if the phone stays truly offline. The problem, as Roman Storm noted, is that the industry's most basic privacy feature isn't available on mobile.
The missing passphrase
BIP39 passphrases aren't a niche feature. They're the difference between a thief who finds your seed phrase walking away with everything, and one who finds an empty wallet. A UK holder lost roughly $172 million last year after his Trezor recovery phrase appeared on a home security camera. A passphrase would have made that recording worthless. Chainalysis counted 158,000 personal wallet compromises in 2025 — nearly triple the 2022 figure — hitting 80,000 victims for $713 million. One seed phrase leak alone drained $3.1 million this month. Hardware wallets from Trezor, Ledger, Coldcard, Keystone, and BitBox all support passphrases. The mobile landscape is different: MetaMask, Trust Wallet, and Rabby (desktop-only) don't. AirGap Vault is the lone mobile option that does.
A different view from Trezor
Trezor's chief commercial officer Danny Sanders rejected the iPhone idea outright. Phones are general-purpose devices, he said, pointing to zero-click exploits, the lack of an independent second screen, iCloud backup risks, clipboard leaks, and battery degradation that forces periodic activation-server checks. “A phone is not a hardware wallet,” he said. Jameson Lopp, Casa co-founder, added a different warning: people lose their passphrases all the time and lock themselves out permanently. Hong Kong can also force travelers to unlock phones and wallets at the border — a risk that doesn't apply to a hardware wallet with a strong PIN.
A practical impasse
Roman Storm suggested a middle ground: mobile wallets should add passphrase support and allow air-gapped signing so the phone never touches the internet. No developer has announced that feature yet. Meanwhile, the debate highlights a deeper tension in self-custody — the security of a simple seed phrase is eroding as theft techniques get smarter, but the fix (a passphrase) isn't available on the devices most people use daily. Storm himself is waiting for a retrial in his Tornado Cash case, a reminder that the legal landscape around crypto tools is just as unsettled as the technical one.




