
An NFC hardware wallet is a smartcard-sized device that signs transactions when you tap it against a phone, using the same short-range radio (13.56 MHz) found in contactless bank cards. Bluetooth hardware wallets use a persistent wireless link that operates over much greater distances. NFC is generally considered the safer wireless option because it requires near-contact proximity (a few centimeters), powers on only during the tap, and exposes no persistent pairing channel for attackers to probe.
NFC hardware wallets communicate through ISO 14443, the same contactless protocol used in passports, transit cards, and chip-enabled credit cards. The phone's NFC reader generates a 13.56 MHz electromagnetic field. When the card enters that field (typically within 4 cm), it harvests enough energy to power its secure element, receive commands, process them on-chip, and return a response.
There is no battery inside the card. There is no persistent radio. The moment you pull the card away, it loses power entirely.
The actual signing flow uses ISO 7816 APDU (Application Protocol Data Unit) commands tunneled over the NFC link. Here is the simplified sequence:
The critical security property: The private key never leaves the card. The host device sees only the resulting signature. This is fundamentally different from a software wallet, where the key exists in phone memory and could be extracted by malware.
Trade-off: NFC requires close physical proximity, which means you need your phone in hand and the card nearby. You cannot sign remotely. That constraint is also its strength, since an attacker cannot intercept the transaction from across the room.
Boundary: NFC by itself does not provide a trusted display. The card signs whatever hash the phone sends. A compromised phone app could alter the transaction before handing it to the card. Devices that add their own screen (like companion signers with QR or contact-based interfaces) address this gap.
Bluetooth (specifically Bluetooth Low Energy, BLE) is the other common wireless option in hardware wallets. Products like the Ledger Nano X use BLE to pair with a phone or laptop, enabling signing without a USB cable. The convenience is real, but the security and practical trade-offs are meaningful.
Beyond security, Bluetooth introduces distinct practical friction for the user:
BLE signing devices still perform on-device signing using a secure element, so private keys are not transmitted over the air. The Bluetooth channel carries transaction data and signatures, not raw key material. Paired with a strong secure element and PIN verification, a BLE wallet still provides meaningful protection against remote key theft.
The honest assessment: Bluetooth is not inherently broken, but it adds protocol surface area and physical maintenance that NFC avoids entirely. For users who prioritize minimizing wireless attack vectors and avoiding dead batteries, NFC or fully air-gapped (QR-based) signing offers a tighter, lower-maintenance security boundary.
| Attribute | Keycard (NFC card) | Ledger Nano X (BLE) | Coldcard Mk4 (USB/microSD) | Trezor Model T (USB) |
| Wireless protocol | NFC (ISO 14443, 13.56 MHz) | Bluetooth Low Energy | None | None |
| Effective range | ~4 cm (near-contact) | ~10 m | N/A | N/A |
| Battery required | No (field-powered) | Yes (rechargeable) | Yes (USB or battery) | No (USB-powered) |
| Persistent radio | No (powers on only during tap) | Yes (when enabled) | No | No |
| Secure element | EAL6+ NXP JCOP4 P71 | Secure element (proprietary) | Secure element | No dedicated SE (Model T) |
| Source model | Fully open source (MIT) | Partly closed firmware | Partly open source | Open source |
| On-device display | No (card alone); yes (with Shell) | Yes (OLED) | Yes (OLED) | Yes (touchscreen) |
| Air-gapped option | Yes (Shell, camera plus QR, ERC-4527) | No | Yes (microSD) | No |
Keycard occupies a distinct niche. The card itself is an NFC hardware signer with no network connectivity, no Bluetooth, no Wi-Fi, and no battery. For users who want a trusted display and a full air gap, the Keycard Shell adds a screen, keypad, and camera for QR-based signing using the ERC-4527 standard. The private keys still live exclusively on the Keycard's EAL6+ secure element (the NXP JCOP4 P71), and the Shell stores nothing when the card is removed.
The credit-card form factor has practical advantages beyond security. A card fits in a standard wallet, draws no attention, and carries no branding or crypto identifiers. Keycard is water-resistant, dust-resistant, and X-ray-resistant, with a rated lifespan exceeding 20 years. There is no battery to degrade, no screen to crack, and no moving parts. Carrying your signing device becomes as routine as carrying an ID card.
Keycard works with over 15 wallets including MetaMask, Rabby, Sparrow, Nunchuk, BlueWallet, Status, and others, with no proprietary companion app required. Connection paths include NFC (mobile tap-to-sign), USB HID via a standard smartcard reader, and QR codes through the Shell for fully air-gapped workflows.
Is NFC safe for signing cryptocurrency transactions?
NFC is widely considered safe for transaction signing because it requires near-contact proximity (about 4 cm), powers the card only during the tap, and does not maintain a persistent connection. The private key never leaves the secure element. The main residual risk is trusting the host device to display the correct transaction details, which a companion device with its own screen can mitigate.
Can someone intercept my NFC signal and steal my keys?
No. The secure element performs signing on-card and returns only the signature, never the private key. Even in the unlikely scenario that an attacker captured the NFC communication, they would obtain a signed transaction hash, not key material. Replaying or reusing that signature for a different transaction is cryptographically infeasible.
Is Bluetooth less secure than NFC for hardware wallets?
Bluetooth introduces a larger attack surface due to its greater range (10+ meters), persistent pairing state, and complex protocol stack. Multiple BLE vulnerabilities have been publicly disclosed over the years. Furthermore, Bluetooth setups often suffer from awkward pairing, connection losses, and require an internal battery that can die. NFC avoids all of these by operating only at near-contact range with no persistent radio or battery required. That said, BLE wallets with strong secure elements still protect private keys from extraction.
Does Keycard work without Bluetooth or Wi-Fi?
Yes. Keycard has no Bluetooth, Wi-Fi, or cellular radio. It communicates via NFC (tapping against a phone), ISO 7816 contact interface (USB smartcard reader), or QR codes when used with the Keycard Shell. This eliminates wireless attack vectors beyond the momentary NFC tap.
What happens if I lose my NFC hardware wallet card?
A lost Keycard is protected by a 6-digit PIN with a configurable retry limit. An attacker who finds the card cannot extract keys from the EAL6+ secure element. You can restore your wallet on a new Keycard by entering your recovery seed phrase. For physical redundancy, the same seed can be loaded onto multiple cards.
Can I use an NFC hardware wallet with desktop computers?
Yes. Keycard supports ISO 7816 contact communication through a standard USB smartcard reader, which requires no special drivers. The Keycard Shell also connects to desktop wallets like Sparrow and Specter via QR codes over the air-gapped camera path.
What makes Keycard different from other NFC wallets?
Keycard runs on an NXP JCOP4 P71 secure element with EAL6+ Common Criteria certification, the same class of chip used in passports and bank cards. Its firmware is immutable by design, removing firmware-update attack vectors. The entire codebase, including the Shell's firmware, bootloader, and hardware schematics, is open source under the MIT license with reproducible builds. And Keycard requires no proprietary app, working directly with 15+ third-party wallets.
Do I need the Keycard Shell to use the Keycard?
No. The Keycard works independently as an NFC hardware signer with any compatible mobile wallet. The Shell adds a trusted display, physical keypad, and camera for QR-based air-gapped signing, which is valuable when you want to verify transaction details on a screen you control rather than relying solely on the phone.
Is an NFC hardware wallet truly air-gapped?
An NFC card by itself is not air-gapped, because it communicates via electromagnetic radio during the tap. It is more precisely described as a hardware signer with no network connectivity. True air-gapped signing requires an optical channel. The Keycard Shell achieves this through its camera and QR code interface using the ERC-4527 standard, with no USB data, Bluetooth, or Wi-Fi involved.