CZ says private keys must never leave hardware wallets

Changpeng Zhao, better known as CZ and famed founder of Binance, laid down what he described as a “non‑negotiable” security principle for hardware wallets. He cautions that the private key must never leave the device under any circumstances. 

In an X post replying to an executive, CZ praised a particular hardware wallet he reviewed in a social media post for adhering to that standard — but emphasised that the on-device isolation of private keys was not a “nice to have,” it was the “decisive criterion” for security-minded users. CZ also pointed out that any wallet should be viewed sceptically if it is unable to ensure that the private key never leaves the device.

The comments follow CZ’s and gold advocate Peter Schiff’s sparring over what should back digital money during a headline debate at Binance Blockchain Week on Thursday in Dubai.

CZ highlights hardware wallets as the frontline defense against hacks

For many crypto users and traders, hardware wallets — sometimes referred to as “cold wallets” — are the gold standard of security, as they store private keys offline, away from internet-connected devices that are susceptible to hacking.

Under CZ’s definition, this isolation must be absolute, meaning the key must remain inside the hardware device at all times. The CZ’s focus reflects how the entire cryptocurrency ecosystem is increasingly concerned about such security threats, alongside the security hurdles posed by phishing, malicious malware, and hacking. 

As more and more users transition to decentralized finance (DeFi) platforms and Web3, private key exposure has become the Achilles’ heel. Concentrating on hardware wallet key isolation, CZ is exposing a fundamental flaw that many may overlook. 

More broadly, this clear need also follows a best practice within the cryptocurrency industry. Hardware wallets are based on certified, tamper-resistant chips, never leak private keys externally, and those are still among the safest ways to cold-store them.

CZ sounds alarm as crypto adoption rises and self-custody risks grow

The timing of CZ’s comment is striking. In 2025, the industry is expected to expand rapidly as more users are introduced to cryptocurrency and begin to consider self-custody solutions, such as hardware wallets or keyless wallets offered by exchange/wallet vendors. 

However, with ever-greater focus comes a more significant potential threat. Hackers, scammers, and malicious actors frequently target wallet backups, seed phrases, and private keys, especially when these keys are stored or managed improperly. For CZ, by striking a hard line, with “private key must never leave the device,” the fragility of self-custody and the high bar for safe implementation are underscored. 

CZ had long been a prominent advocate of self‑custody, but also a realist. He has previously cautioned that if users misplace their keys or backups, the results of poorly managed self‑custody can be catastrophic. 

Most leading crypto experts have been vocal about the importance of self-custody and hardware wallet security, echoing the same refrain as Binance CEO’s stance that private keys must never leave the device. The principle is one Andreas M. Antonopoulos has long advocated for, cautioning that money on an exchange or custodial system is automatically vulnerable, with the mantra “not your keys, not your Bitcoin.” 

Get up to $30,050 in trading rewards when you join Bybit today