Ted Stevenot
Stephen Hall
How does the bitcoin source code define its 21 million cap?
Many of bitcoin’s staunchest critics have expressed doubt about its 21 million cap, but perhaps the most mindless criticism relates…
,A Faraday bag can protect bitcoin hardware wallets from two primary threats: radio waves and electromagnetic pulses. Whether Faraday bags are an essential tool for securing your hardware wallet(s) depends on your threat tolerance. Here, we discuss what Faraday bags are, how they’re used to secure bitcoin hardware wallets, and the reasons why you might want to use one.
What is a faraday bag?
Invented by Michael Faraday in 1836, a Faraday cage is an enclosure used to block radio frequency (RF) and electromagnetic (EM) fields. A Faraday bag (sometimes called an “RFID bag” or “EMP bag”) is just a small version of a Faraday cage.
Faraday bags are typically used for smaller devices in order to protect data and devices from damage, unauthorized communication, and to protect privacy.
- Radio wave frequencies present risks like side-channel attacks where an attacker attempts to exploit either radio wave leaks surrounding a device or its remote connectivity features, such as Bluetooth or NFC integrations.
- Electromagnetic pulses are intense fields of electromagnetic energy that occur either via man-made means or naturally and can damage unprotected electronic devices, including hardware wallets.
Faraday bags are widely available and can cost as little as $10. The bags themselves are typically constructed with thick copper-foil enclosures which prevent the transmission of electromagnetic signals—oftentimes a military-grade form of protection.
They’re also a more effective means of isolation than putting a device in airplane mode. In the modern era, many electronic devices aren’t even turned off fully unless their battery is removed, but a Faraday bag can effectively isolate even a battery-connected device.
Do you need a faraday bag for your hardware wallet?
The main factor determining your choice to use a Faraday bag for your bitcoin hardware wallet is your own threat tolerance. It is safe to say that, in general, for overall bitcoin security, Faraday bags are a fairly low priority. This is the case because hardware wallets can fail for many more reasons than just a side-channel attack or an EMP—for example, software bugs, hardware failure, physical damage (fire or flood), accidental (or unexpected) reset, hardware wallets being lost or stolen, and more.
Higher priority security steps for your bitcoin include taking self-custody (in the first place), geographically distributing keys through multisig, maintaining secure seed-phrase backups, and keeping your hardware wallet’s firmware up to date.
Still, you should never put yourself in a position where the loss or failure of a hardware wallet could prevent you from accessing your funds. If you consider RF side-channel attacks and excessive EMF radiation to be potential risks that your hardware wallet may be exposed to in the future, then a Faraday bag is for you.
Risk factors that might cause you to consider a Faraday bag
There are several risk factors that could cause you to consider using a Faraday bag for your hardware wallet. Some examples include: your hardware wallet has wireless connectivity, using a seedless self-custody setup, and taking your hardware wallets to physical locations with a higher risk of EMP exposure.
Your hardware wallet has Bluetooth, NFC or other wireless technology
Hardware wallets with Bluetooth, NFC, or other built-in wireless technology can pose a small security risk via side-channel attacks. Though attackers have a very limited opportunity to interfere with your hardware wallet through such gateways, it’s possible that vulnerabilities in these devices could be discovered in the future.
If you are traveling with your hardware wallet or spending time with it in public in places such as airports, highly-populated metropolitan areas, or other crowded places, using a Faraday bag can offer you additional security and peace of mind.
Seedless self-custody setups
Some types of multisig self-custody setups are “seedless,” meaning the backup seed phrase to your hardware wallet(s) is not saved. Often this occurs in larger multisig quorums, such as 3-of-5, where five keys are used to construct the wallet and three are required to spend. If executed perfectly, such setups can be more secure than 2-of-3 multisig wallets, but their added complexity and operational security challenges often necessitate trade-offs. As a result, and to reduce complexity, some people choose to not backup seed phrases and destroy them entirely.
When this is the case, ensuring that the hardware wallets used to construct a 3-of-5 multisig wallet will not be destroyed or rendered useless by an EMP is important. Because of this reason among others, it is our belief that 2-of-3 multisig is preferable to 3-of-5. It is our position that 2-of-3 multisig setups, where seed phrases are properly secured, is a far better approach and that you should always secure your seed phrases, regardless of your bitcoin custody approach.
You are at higher-risk for EMP exposure
Do you travel or work somewhere where your hardware wallet may face higher risk of exposure to electromagnetic radiation—such as airports, airplanes, highly secured areas, certain manufacturing sites, or military facilities? If so, storing your hardware wallet in a Faraday bag offers you an added layer of protection. Further, EMPs are sometimes used in warfare. So, if you travel with your hardware wallet to or live in a war-torn area, storing your hardware wallet in a Faraday bag is a smart idea.
For most, the risk is low
For most people the risks of not securing hardware wallets in Faraday bags is low. We could find no confirmed cases of either attackers being able to successfully interfere with hardware wallets wirelessly, nor any recorded examples of electromagnetic pulses that resulted in a loss of bitcoin funds.
Hardware wallets are designed to secure private keys in such a way that they cannot be exported from the hardware wallet itself—even when you use them to sign transactions with a wired connection (such as a USB cable). As a result, it’s unlikely that a wireless attack could successfully extract private keys from a hardware wallet.
If you’re still concerned about eliminating such risks, a 2-of-3 multisig setup with geographically separated hardware wallets—where your seed phrases are properly backed up and secured—represents a more comprehensive solution. With multisig, you protect yourself from a broad array of potential single points of failure, well beyond EMP and RF risks.
And even if an attacker were able to compromise one of your hardware wallets remotely, they would still be unable to access your funds as a minimum of two signatures are required to spend.
First, take self-custody
While faraday bags may be worth considering depending on your threat tolerance, they’re far less important than taking your real first step—which is to take self-custody of your bitcoin. Once that’s behind you, you can open the door to a whole new journey toward achieving greater individual sovereignty and more enduring security for your bitcoin funds.