At Consensus 2026, Cardano's Charles Hoskinson argued that the future of crypto self-custody lies in the secure hardware already inside billions of smartphones. He claimed that the dedicated security chips in iPhones and Android phones, Samsung's included, outperform those in standalone hardware wallets like Ledger and Trezor, and that users should never need to handle private keys directly. His vision: a seedless, biometric-gated wallet in which the key is generated and stored in the device's secure hardware, is never exportable, and users manage spending caps and delegated approvals instead of a seed phrase.
This model is already taking shape. FIDO reports 5 billion active passkeys globally, with 75% of consumers using at least one. Coinbase's smart wallet uses passkeys for recovery-phrase-free onboarding, and Ethereum's account abstraction (ERC-4337 smart accounts, plus EIP-7702 from the Pectra upgrade, live on mainnet since May 2025) enables programmable wallets with batching, gas sponsorship, and custom spending controls. The infrastructure for permission-based, agent-compatible wallets is scaling rapidly.
However, a parallel wave of mobile vulnerabilities is exposing how much trust users place in third-party SDKs and operating systems. Microsoft disclosed a severe intent-redirection flaw in EngageSDK, affecting over 30 million wallet installations, while Google's Threat Intelligence Group and Binance warned of "Darksword," an iOS exploit chain that gives attackers full device control. These incidents underscore a structural problem: an audited wallet app is only as strong as the SDKs and OS beneath it, and a hardware-backed, non-exportable key does not help when the code that decides what to sign is compromised, because the key will sign whatever bytes it is handed.
In response, some teams are moving keys off phones entirely. Quantography Labs' Lock.com platform separates transaction construction from signing: the online device builds the unsigned transaction, while a dedicated offline signer that holds the seed receives it via QR code or Bluetooth (Bluetooth being the larger attack surface of the two), displays the decoded transaction, and signs only after explicit confirmation on the isolated unit. This shrinks the blast radius of a mobile exploit, since a compromised phone can at most propose a transaction rather than sign one, trading some UX friction for a dramatic reduction in catastrophic-loss risk.
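To make the split concrete, here is an added example (not Lock.com's, Cardano's or any vendor's code) of the architecture above, combined with the spend-cap and revocable-delegation policy described earlier. An online host builds the unsigned transaction and hands it over a one-way channel (a base64 JSON blob stands in for the QR code); the offline signer holds the seed, enforces a per-delegate cap, requires confirmation of the fields it decoded itself, and returns only a signature. It also shows the failure mode from the previous paragraph: a "blind" signer that trusts the host's digest will sign an attacker's transaction even though its key is never exported. HMAC-SHA256 stands in for the real signature scheme so the block runs on the standard library alone; the field names, units, payload format and the `confirm` callback are assumptions for illustration, not a real wallet protocol.

```python
"""Added example, not any vendor's code: a minimal model of an offline signer
with per-delegate spend caps, revocable delegation and on-device confirmation.
HMAC-SHA256 stands in for a real signature scheme; the payload format, field
names and units are assumptions for illustration."""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional


def canonical_digest(tx: dict) -> str:
    """Hash of canonical JSON, so host and signer hash byte-identical input."""
    raw = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()


def encode_payload(tx: dict, delegate: str, claimed_digest: Optional[str] = None) -> str:
    """Host side: serialize for the QR/Bluetooth hop (base64 JSON stands in for the
    QR code). A compromised host can put any digest it likes in 'digest'; that
    is the attack the signer must resist."""
    msg = {"delegate": delegate, "tx": tx,
           "digest": claimed_digest or canonical_digest(tx)}
    return base64.b64encode(json.dumps(msg).encode()).decode()


class OfflineSigner:
    """Holds the seed. No method returns it; only signatures leave the device."""

    def __init__(self, caps: dict, confirm):
        self._seed = secrets.token_bytes(32)   # generated on the device, never exported
        self.caps = dict(caps)                 # delegate -> max amount per tx (assumed units)
        self.revoked = set()                   # delegation is revocable at any time
        self._confirm = confirm                # models the physical confirm button

    def _sign_digest(self, digest_hex: str) -> str:
        return hmac.new(self._seed, bytes.fromhex(digest_hex), hashlib.sha256).hexdigest()

    def verify(self, digest_hex: str, sig: str) -> bool:
        """Symmetric stand-in for public-key verification."""
        return hmac.compare_digest(self._sign_digest(digest_hex), sig)

    def sign_blind(self, payload: str) -> dict:
        """VULNERABLE: trusts the host's digest. This is what a phone-resident key
        does when the OS or an SDK in the app is compromised: the key is still
        non-exportable, but it signs whatever bytes it is handed."""
        msg = json.loads(base64.b64decode(payload))
        return {"ok": True, "digest": msg["digest"], "sig": self._sign_digest(msg["digest"])}

    def sign_verified(self, payload: str) -> dict:
        """HARDENED: decode the transaction on the isolated unit, apply policy,
        show the decoded fields for confirmation, and sign only our own digest."""
        msg = json.loads(base64.b64decode(payload))
        tx, delegate = msg["tx"], msg["delegate"]
        digest = canonical_digest(tx)          # never the host-supplied value
        if delegate in self.revoked or delegate not in self.caps:
            return {"ok": False, "reason": "delegate not authorized"}
        if tx["amount"] > self.caps[delegate]:
            return {"ok": False, "reason": "over spend cap"}
        if not self._confirm(tx):              # user reads to/amount on the signer's own screen
            return {"ok": False, "reason": "rejected on device"}
        return {"ok": True, "digest": digest, "sig": self._sign_digest(digest)}


def demo():
    """Constructed scenario: a legitimate transfer, then a host that lies."""
    trusted = {"0xabc"}                        # what the user would recognise on the screen
    signer = OfflineSigner(caps={"agent-1": 100, "owner": 1000},
                           confirm=lambda tx: tx["to"] in trusted)  # stand-in for the button press
    legit = {"to": "0xabc", "amount": 50, "nonce": 1}
    theft = {"to": "0xattacker", "amount": 900, "nonce": 1}
    # Attack 1: the phone app displays 'legit' but asks the key to sign theft's digest.
    lying_digest = encode_payload(legit, "owner", claimed_digest=canonical_digest(theft))
    # Attack 2: the host sends the theft transaction itself.
    swapped_tx = encode_payload(theft, "owner")
    results = {
        "legit": signer.sign_verified(encode_payload(legit, "agent-1")),
        "blind_attack": signer.sign_blind(lying_digest),
        "verified_attack": signer.sign_verified(lying_digest),
        "verified_swapped": signer.sign_verified(swapped_tx),
        "over_cap": signer.sign_verified(
            encode_payload({"to": "0xabc", "amount": 500, "nonce": 2}, "agent-1")),
    }
    signer.revoked.add("agent-1")              # owner revokes the agent's delegation
    results["revoked"] = signer.sign_verified(encode_payload(legit, "agent-1"))
    results["blind_sig_valid_for_theft"] = signer.verify(
        canonical_digest(theft), results["blind_attack"]["sig"])
    return results, signer


if __name__ == "__main__":
    res, _ = demo()
    for name, r in res.items():
        print(name, r if not isinstance(r, dict) else (r["ok"], r.get("reason", r.get("digest", "")[:12])))
```

The point of the two attack cases: against the blind signer the attacker obtains a valid signature over the theft transaction without ever touching the key, which is exactly the gap a hardware-backed but phone-resident key leaves open. The verified signer ignores the host's digest, so the lying-digest attack yields a signature over the transaction the user actually saw (useless to the attacker), and the swapped-transaction attack is stopped by the on-device display or the spend cap. The trade-off is the extra confirmation step on the isolated unit, which is the UX friction the paragraph above refers to.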
Two trajectories emerge. If wallet intent UX evolves to earn consumer trust—with standardized spend caps, revocable delegation, and clear approval prompts—phone-primary self-custody could capture 70–85% of new retail users by 2028. If mobile signing incidents and phishing continue, that share may stall at 20–35%. The uncomfortable subtext is platform dependence: Apple, Google, and Samsung could become central gatekeepers in crypto’s security architecture, even if wallets remain technically non-custodial.