Charles Hoskinson Claims Your Phone Will Replace Hardware Wallets
Cardano founder Charles Hoskinson surprised attendees at Consensus 2026 by asserting that future generations of crypto wallets will be embedded directly into smartphones. An audacious claim that refocuses the debate around digital asset security at the heart of the industry.
A Statement That Divides the Industry
During his Consensus 2026 appearance, Hoskinson said users should probably never hold their own private keys, adding that something should hold those private keys on behalf of users. An assertion that challenges the core dogma of self-custody as understood since Bitcoin’s earliest days.
Hoskinson went further, claiming that secure chips embedded in iPhones, Android devices and Samsung products actually outperform those found in Ledger and Trezor hardware wallets. If accurate, billions of users already carry significantly more secure signing hardware in their pockets than the specialized devices they purchase separately.
The hardware wallet industry immediately pushed back. Advocates for dedicated devices argue these products offer complete physical isolation, impossible to replicate on a phone permanently connected to the internet.
Apple’s Secure Enclave and Android Equivalents
Understanding Hoskinson’s argument requires examining the technologies offered by major smartphone manufacturers. Apple equips its devices with a Secure Enclave chip, a subsystem fully isolated from the main processor. This chip protects sensitive data even if an attacker has compromised the application processor kernel.
On the Android side, Keystore supports hardware-backed keys that can remain non-exportable, bound to a Trusted Execution Environment or secure element. StrongBox implementations go further by adding a dedicated CPU and further isolation for the most sensitive cryptographic operations.
Samsung offers Knox hardware-backed key protection through TrustZone, a technology that creates a secure partition in the processor. The DualDAR solution adds extra encryption layers for managed work profile data. Hoskinson described Knox as a separate operating system with separate hardware circuits, which would significantly strengthen key isolation.
The Limits of Hoskinson’s Argument
Despite the power of secure chips embedded in smartphones, experts highlight a fundamental flaw in the reasoning. A compromised application or operating system might be unable to extract a key stored in a secure element while still being able to use it directly on the device to sign malicious transactions.
The Bybit incident perfectly illustrates this risk. Analysis by CertiK revealed that attackers deceived signers into authorizing a fraudulent transaction, even though the private key had never left the hardware wallet. The weak link remains the human factor and transaction verification, not key protection alone.
Hardware wallet manufacturers also noted that some of their recent devices now include secure elements. Trezor, for example, integrated secure elements into its Safe 3, Safe 5 and Safe 7 models. The argument that hardware wallets lack secure silicon would therefore be outdated for part of the market.
Current Adoption Metrics
Industry figures show a profound shift in usage patterns. There are currently 5 billion active passkeys globally according to FIDO, with 75 percent of consumers having enabled at least one passkey. The smart wallet phenomenon, driven by Ethereum’s EIP-4337, enabled 26 million smart wallets with 170 million UserOperations processed.
These figures illustrate massive adoption of simplified signing technologies, but also the emergence of new threats. AI-assisted scams generate 4.5 times higher returns than traditional scams, raising questions about adapting wallet security mechanisms to new forms of attacks.
AI Agent Integration
The architecture emerging to address security challenges centers on what Hoskinson calls bounded delegation. An AI agent can be authorized to spend within preset limits and time periods without ever accessing the master private key.
Base’s Spend Permissions frames this model as a core use case. Coinbase AgentCore Payments and AWS stablecoin agent tooling implement budget controls with full audit logs. This approach directly addresses the needs of users who wish to automate certain crypto interactions without compromising the security of their main funds.
Two Scenarios for 2028
The industry could evolve along two distinct trajectories by 2028. In the optimistic scenario, representing 70 to 85 percent of new retail users, wallets will solve intent UX with standardized spend caps, revocable delegation and clear approval prompts. Seedless onboarding will become the default setting, with account abstraction moving from advanced feature to baseline.
In the pessimistic scenario, representing 20 to 35 percent of the retail market, mobile signing incidents, phishing and confusing recovery mechanics will continue producing losses. Users will return to exchanges after losing funds, and mobile wallet manipulation attacks will be labeled as hacks when they result from user errors.
