ZachXBT says an old iPhone beats any hardware wallet for storing crypto. Tornado Cash developer Roman Storm agrees, but says one missing feature breaks the whole iPhone wallet plan.
That feature is the BIP39 passphrase. It is a secret extra word that hides your real wallet behind an empty one.
The One Feature the iPhone Wallet Plan Is Missing
The on-chain investigator’s frustration has a track record behind it. Bybit lost $1.5 billion in February 2025 after attackers tricked its signers into approving a bad transaction. The keys stayed safe. The money is still left.
“All hardware wallets are complete garbage and I do not advise using them for important tasks like signing transactions or storing funds. Much better to have a separate iPhone with its only purpose being to use as your hardware wallet,” ZachXBT noted.
Follow us on X to get the latest news as it happens
Storm liked the idea. However, his reply comes with a warning.
“I’d agree – if there were actually a mobile app with BIP39 passphrase support.”
Here is why that matters. Your seed phrase is 12 or 24 words, usually written on paper. Add a passphrase, and those same words open a completely different wallet.
So a thief who finds the paper sees an empty account. One UK holder lost roughly $172 million after his Trezor recovery phrase appeared on home CCTV. A passphrase would have made that recording worthless.
The threat is growing, too. Chainalysis logged 158,000 personal wallet compromises in 2025, nearly triple 2022’s count. Those attacks hit 80,000 victims for $713 million. Moreover, one seed phrase vulnerability alone drained $3.1 million this month.
Hardware Wallets Have It. Mobile Wallets Don’t
Storm listed the split. Trezor, Ledger, Coldcard, Keystone, and BitBox all support passphrases. Meanwhile, MetaMask has ignored requests since 2021. Trust Wallet skips it, too. Rabby only offers it on desktop, leaving AirGap Vault as the lone mobile option.
His fix is simple. Mobile wallets should support passphrases and air-gapped signing, so the phone never connects to the internet. Trail of Bits research backs the same principle of capping losses when keys leak.
There is a downside, though. Casa co-founder Jameson Lopp warned in an interview that people often lose their passphrases and lock themselves out forever.
The threat is not just thieves. Hong Kong can already force travelers to unlock phones and wallets at the border.
Trezor Pushes Back on the Phone-as-Vault Plan
Trezor is not conceding the point. Like Storm, Danny Sanders, the company’s chief commercial officer, praised ZachXBT’s detective work but rejected the swap.
Sanders argued that phones are general-purpose devices with too many doors. Zero-click exploits are a documented reality, he noted.
A hardware wallet also acts as an independent second screen. If a phone is compromised, nothing separates checks from what you sign.
He added that creating seed words on a phone risks iCloud backups and clipboard leaks. Even the battery works against the plan. An iPhone stored for years can degrade, and reviving it needs Apple’s activation servers and an Apple ID.
Storm, who awaits a retrial in his Tornado Cash case, put the ball in wallet makers’ court. If MetaMask or Trust Wallet adds the field, millions of old phones could become real crypto vaults.
The post Using an iPhone as Crypto Wallet? ZachXBT and Roman Storm Weigh In appeared first on BeInCrypto.
