Have they ever plugged into the same Mac (at different times)?
What IOS versions are they each running?
Are they using a third party password manager?
Are either or both developers or hackers?
I can't think of anything else, other than perhaps they are pranking you?
The key thing is to practice practice practice.
Take the pressure off by saying the first three months are just fun times, meant to experiment and play around and he shouldn't worry about losing data or anything else. Tell him you can't break the phone by changing settings, but he has to use it X minutes a day.
Discuss with him that we learn best by trying and failing. Toddlers don't learn to walk with a manual. The key is to fail a lot. Challenge him to fail 100 times and laugh about it.
Start with the simplest video game or texting with you while you are in the room to get him comfortable with the device.
It is much better to teach him one thing that he repeats daily than to try to teach him a dozen new things in one day that he will forget in three days and lose confidence. He might find it useful to make a list of things to practice every day until the muscle memory clicks in. It will be satisfying for him to cross them off when the realization that "I'll never forget that" sets in.
Show him youtube and google on his computer (if he has one) and then on his phone and explain how he can find answers to his questions there without bugging anyone.
Let him watch you do simple things on your phone slowly while you narrate what you are doing. He needs to hear the language of what things are called or he won't even be able to ask for help.
Don't feel too bad if he does "bin it". Your odds here aren't great, tbh. Unlike toddlers most adults don't like to fail and get back up. If he's been anti-technology he has convinced himself that he is bad at it and it has become a self-fulfilling prophesy. Most don't find it easy to overcome those psychological barriers.
Best of Luck. You are a good grandchild!
There is a feature in Settings in iOS 17 (and maybe earlier) called AirDrop Passwords.
Maybe they were screwing around with this?
Is it possible one friend had access to the other's phone and transferred them (by accident playing around or otherwise) and is lying now to protect himself?