Coldcard Mk4 NFC Spec for developers

[witcher_sense]

...has been released recently https://raw.githubusercontent.com/Coldcard/firmware/master/docs/nfc-coldcard.md

# NFC and Coldcard Mk4

(Applies to Coldcard Mk4 only)

## Standards Background

NFC is a layer of protocols on top of ISO standards for short-range radio communications.

Unfortunately, both ISO and NFC Forum bodies are so poor they must sell their standards. Membership starts at a few thousand dollars, or you must buy each PDF for a few hundred dollars. Every singlething is behind a paywall.

This policy does not allow us to link to reference standards. Instead we have to hand-wave about our interpretation of their standards documents.

In our opinion, this policy is not in the public interest and is hindering adoption of their standards and even technological progress
in general. Good interoperability is critical with radio standards.


## Lower Layers

The Coldcard Mk4 has an chip that acts as a Type 5 NFC tag.  The radio standard is called "NFC-V" or ISO-15693, and operates on a
13.56 Mhz carrier wave.

The tag chip implements NFC standards to support reading and writing commands appropriate to a typical Type 5 tag.

Effectively it exposes a flash memory chip, of up to 8k Bytes insize. NDEF standards describes the organization of the data in that
memory. This document will describe what bytes are needed in those records.

## Security

All NFC features of the Coldcard can be disabled from the settings menu, and when that is done, the tag chip is completely disabled, and there is no way to probe, detect or access the Coldcard over RF. Even when NFC features are enabled, we keep the tag chip disabled unless we are actively sharing something. We disable the "energy harvesting" features of the chip, so it will not do anything when the Coldcard is powered-down, regardless of the NFC setting.

If the above is not enough for you, the antenna can be destroyed by cutting the trace labeled "NFC" inside the hole for the MicroSD
card. Use the point of a sharp knife to cut and peel up the trace.

The NFC traffic is not encrypted and is subject to eavesdropping. While the NFC feature is active, your Coldcard can be uniquely identified because the NFC protocol requires a unique ID (64 bits) that is defined by the NFC tag chip and shared automatically as part of the anti-collion protocol. Again, that happens only during active transfers, not when idle.

## Desktop Testing

Most USB-powered desktop contactless card readers will not work with the Coldcard because they do not implement NFC-V (ISO-15693).
Instead they are doing ISO-14443A or B.

Smartphones, on the other hand, all support NFC-V and they are the intended targets. Generic NFC tag reading apps can view the data
we share, and that may be enough to be useful. Our long-term goal is integration with mobile wallets.

# Types of Records

## Background

The "NDEF message" is a list of values ("NDEF records"). In most cases we share only a a single value, but for more complex object
data we will use multiple records. The order is not defined and may change. Each NDEF record has data-type information and a payload
of bytes.

If we can use "text" or "URI" records, we will, but we generally need our own Bitcoin-specific types.

We are using "NFC Forum Local Types" for new stuff. Other Bitcoin developers are welcome to use the same types as long as it doesn't
create interoperation problems.

Types are shown in full URN format (RFC 2141) but only the final two parts are sent as part of the NDEF record (ie. `bitcoin.org:psbt`).
We are using TNF=4 (NFC Forum external type) to communicate the prefix of `urn:nfc:ext:`

# Simple Data

## General QR Replacement

Anytime there is a QR displayed on the Coldcard screen, you can press (3) and the same data will be shared over NFC. In these cases,
it will be shared as a simple text record, regardless of the content.

Type: `urn:nfc:wkt:T` (text)

Body: varies, but always ascii text.

Many values can be exported this way, include xpub and even seed words after enough warning screens.

## Payment Address

This is typically a deposit address, generated on the Coldcard via the address explorer. We share these by themselves as simple text
records for max compatibility.

Type: `urn:nfc:wkt:T` (text)

Body: bech32 or base58 encoded Bitcoin payment address

If there are multiple addresses (10 shown for address explorer case) then they are separated by a single unix new line (`0x0a`).

# Complex Data

For Bitcoin-specific data we provide a few records together. The first is a label, then various binary data related to what's going
on (such as a PSBT file after signing).

## Text Label

Coldcard's first record will be a simple text record (English, UTF-8) that describes what is being shared.

Type: urn:nfc:wkt:T  (standard text)

Body: "Partly signed PSBT", "Deposit Address", "Signed Transaction" and similar.

Consider this a title for what's being offered for sharing purposes.

## SHA256 Checksum

When the Coldcard is sharing a larger object, such as a PSBT file, we know the SHA256 of that object, so we share that as well. This value can be ignored or used for end-to-end error detection. It does not protect against tampering.

Type: `urn:nfc:ext:bitcoin.org:sha256`

Body: Exactly 32 bytes of binary. It's the SHA256 over the main payload (PSBT file, for example).

If present, this value will always directly preceed the object (txn or PSBT) that it covers. NFC-V has CRC16 over each low-level message, but that's all.

## TXID Value

When sharing a fully-signed transaction, the TXID, if known, will beshared in hex.

Type: `urn:nfc:ext:bitcoin.org:txid`

Body: Exactly 32 bytes of binary.

The transaction ID is calculated as a hash over the transaction. Without signature witness data, it is simply SHA256 over the bytes of the transaction. For segwit transactions, it's a bit more complex to calculate.

## PSBT File

The payload is a binary PSBT file, per BIP-174. The PSBT may be unsigned, partly signed, fully signed or otherwise incomplete.

Type: `urn:nfc:ext:bitcoin.org:psbt`

Body: Binary PSBT file, variable length. First five bytes will be `psbt\xff`.


## Bitcoin Transaction

A fully-signed, wire-ready Bitcoin transaction.

Type: `urn:nfc:ext:bitcoin.org:txn`

Body: Binary, variable length. First four bytes will typically be
`0x02 0x00 0x00 0x00` (version number two, in LE32).

When the Coldcard has signed and finalized a transaction, it can share it in this format. Typically the user will want to broadcast
this new transaction on the Bitcoin P2P network.

# Examples

This section will include a number of examples, with analysis of the content.

- __comming soon__

[1714961804]

1714961804

[1714961804]

1714961804

[dkbit98]

...has been released recently https://raw.githubusercontent.com/Coldcard/firmware/master/docs/nfc-coldcard.md

This means that people should better wait if they want to purchase Coldcard hardware wallet now, current model is MK3 and I think MK4 will be released soon.
I still don't like MIT+CC license, but I think it's much better purchase than ledger nano X, if the price stays the same like now (or lower).
In addition to this I am adding one of NBK video tweets made few months ago,. showing that TXN, xpub, xpriv, PSBT, and almost everything Bitcoin related can be done with NFC:
https://twitter.com/nvk/status/1436347560042586114?s=21

[witcher_sense]

This means that people should better wait if they want to purchase Coldcard hardware wallet now, current model is MK3 and I think MK4 will be released soon.
I still don't like MIT+CC license, but I think it's much better purchase than ledger nano X, if the price stays the same like now (or lower).
In addition to this I am adding one of NBK video tweets made few months ago,. showing that TXN, xpub, xpriv, PSBT, and almost everything Bitcoin related can be done with NFC:
https://twitter.com/nvk/status/1436347560042586114?s=21

Do you think the hardware wallets that have NFC technology implemented are generally better than those that are doing all the airgap stuff and communications via standard SD-cards or cameras with QR-codes? Personally, I have some concerns regarding the usage of near-field communication technology because it is known to be insecure and highly vulnerable to hacks in case a hacker has gotten physical access to a hardware device. Actually, in the case of NFC, he even doesn't need to "steal" your device, because he will theoretically be able to secretly manipulate the device using his smartphone through your clothes (especially if you carry a hardware wallet in your pocket) in a crowd or on public transport.

I am wondering if it is possible to hack hardware wallets in the same way that was used to hack ATMs. https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/

There are other questions that I have about the security of ColdCard implementation of NFC.

If the above is not enough for you, the antenna can be destroyed by cutting the trace labeled "NFC" inside the hole for the MicroSD card.

Why would I overpay for the NFC feature and later destroy an NFC chip?

The NFC traffic is not encrypted and is subject to eavesdropping. While the NFC feature is active, your Coldcard can be uniquely identified because the NFC protocol requires a unique ID (64 bits) that is defined by the NFC tag chip and shared automatically as part of the anti-collion protocol.

Sending information in plain text is not what you want when dealing with hardware wallets but given that we are sending only transactions that is not a big deal. However, I am more concerned about the privacy aspect because if my phone knows that I use a hardware wallet, so will the mobile carrier and the government. I wouldn't want a totalitarian government to know that a particular citizen wants financial independence.

Many values can be exported this way, including xpub and even seed words after enough warning screens.

Why? Why do they leave users the option to send seed phrases as plain text? Hackers can take advantage of this vulnerability and steal secrets. 

[n0nce]

~

NFC wormholing and similar attack vectors are always possible on a physical level, which should be pretty obvious. However, they can be mitigated through the implementations, so we can't say that NFC per se will be secure or insecure. One such protection, which was not in place when credit cards were wormholed, is time checking. Literal 'time of flight' of the data being exchanged can indicate if the device is under attack by estimating the distance between the two devices, since the signal can't travel faster than the speed of light.

Similar attacks are possible when using QR codes as well, though obviously much harder, if possible at all without the victim noticing.

I also think that more people will be able to check that the PSBT data is legit if it's transmitted via QR code and SD, because you can literally read out and verify the SD card / scan the QR code and verify the PSBT as well. Most people don't have NFC readers however, so e.g. a malicious firmware update that leaks more data through NFC than it should (just one example) can't be spotted as easily.

It'll be much more convenient than SD card airgap, while being much more secure than wallets that use Bluetooth. However, in my opinion QR code scanning back & forth is still by far the best option. It just ticks all the boxes; while being just slightly more cumbersome than an NFC connection.
* Fast to perform
* Easy to verify data
* Air-gapped operation
* Tricky to tap into

Coinkite should have added a camera & maybe simply used Passport's open source camera code that Foundation team added, since the codebase is forked from Coldcard itself.

[DaveF]

Why why why do businesses keep adding things to security devices?
Yes I like the idea of a camera or nfc or other stuff. Give me the option of buying something without it.
I don't want any way of communicating that is not needed.
It's just another point of vulnerability.
Can a camera be hacked? Probably not. Can the controller chip in the camera that talks to the rest of the device be hacked to display something other then what is there. Yes.
Can we trust NFC? To a point. Even with the antenna wire cut, is it still there as some other thing that may have a vulnerability? Yes.

-Dave

[dkbit98]

Do you think the hardware wallets that have NFC technology implemented are generally better than those that are doing all the airgap stuff and communications via standard SD-cards or cameras with QR-codes?

There is no perfect protection for any devices or technology and NFC is no different, but I think that some hardware wallets are already using NFC technology, and it was trail and tested for years with credit cards.
One thing is for sure, NFC is much more safe than bluetooth because it uses radio waves with much shorter range, and it's not broadcasting information all the time.
 

I am wondering if it is possible to hack hardware wallets in the same way that was used to hack ATMs.

I don't think this is possible, because you are not keeping your hardware wallet in public places, and you shouldn't take it with you all the time as a keychain or around your neck.

Why would I overpay for the NFC feature and later destroy an NFC chip?

Who is saying that you would overpay for anything?
Regular NFC cards cost only few bucks online and I don't see them breaking all the time.
I have no idea how Coldcard will implement NFC, and I am not their supporter for sure, but I am interesting to see any innovation in this space.

Why why why do businesses keep adding things to security devices?

Did you stop using your credit cards or did you notice any major change or security issue with them since they added NFC support?
You can't even control that in your credit card, and I think hardware wallet could offer a way to turn it off if you don't want to use it.
Let's wait and see if NFC will be the thing to destroy ColdCard... oh how I wish that ledger added NFC first  

[n0nce]

Why why why do businesses keep adding things to security devices?

Did you stop using your credit cards or did you notice any major change or security issue with them since they added NFC support?
You can't even control that in your credit card, and I think hardware wallet could offer a way to turn it off if you don't want to use it.
Let's wait and see if NFC will be the thing to destroy ColdCard... oh how I wish that ledger added NFC first 

Now we're going to start looking like Ledger haters, but from what I've seen so far, I believe them implementing NFC would actually result in successful wormhole attempts on day one

It remains to be seen if Coinkite can provide a secure implementation, but it's true as DaveF says that it's an additional attack vector. I guess that point can be made about any wallet with more than one means of communication. In theory, having a single one is enough, right. So I would argue Passport should have no SD card slot and do only the QR codes. But sometimes you use a PC without webcam and suddenly you wish it had USB or SD card ability... ^^

I agree that cutting out unnecessary firmware code makes sense though, like removing the hidden Snake game they added, which I also provided as feedback.
I guess that I wouldn't use a wallet with Bluetooth myself though, so I may be applying double standards here, potentially accepting NFC but rejecting Bluetooth, I'm aware of that Probably it depends on your threat model and use-case and you should definitely buy a wallet that has the features you want, but still fulfilling your security requirements. Which differ per-person and per-usecase.

[DaveF]

Why why why do businesses keep adding things to security devices?

Did you stop using your credit cards or did you notice any major change or security issue with them since they added NFC support?
You can't even control that in your credit card, and I think hardware wallet could offer a way to turn it off if you don't want to use it.
Let's wait and see if NFC will be the thing to destroy ColdCard... oh how I wish that ledger added NFC first  

No, but if my Chase Visa gets compromised and someone runs up thousands of dollars in charges it's not my problem beyond making a phone call and letting them know about it. A cold card is not a credit card, it's a security device. They added something to it to make it more convenient to use. Same as the camera on the passport. The odds of either being compromised are very very very....add many more very small. But they are not zero. And you don't need it. You need a screen. You need a way to input information. That's it.

Once again IMO your views might vary.

-Dave

[dkbit98]

It remains to be seen if Coinkite can provide a secure implementation, but it's true as DaveF says that it's an additional attack vector. I guess that point can be made about any wallet with more than one means of communication.

Yes I know they are making additional attack vectors this way and I am not defending them, just trying to be neutral in this situation if possible, and I have bad things to say about coldcard wallet.
If we think this way than we should know that regular computers, laptops and smartphones have the biggest attack vectors from all devices, they have connections for cameras, wifi, bluetooth, internet connection, etc... even if they are airgapped.

I agree that cutting out unnecessary firmware code makes sense though, like removing the hidden Snake game they added, which I also provided as feedback.
I guess that I wouldn't use a wallet with Bluetooth myself though, so I may be applying double standards here, potentially accepting NFC but rejecting Bluetooth, I'm aware of that

I think that bluetooth is much more dangerous than nfc because of wider range, and it sucks that even Trezor is considering adding that in their new hardware wallet device
I probably won't ever use any hardware wallet with bluetooth or wireless connection either, but I just checked one list of hardware wallets and saw there are more of them with NFC chips:

- KeyWallet Touch
- Asamacura
- SatoChip/Satodime
- ColdLar Touch
- D'CENT Card Wallet
- KeyCard
- Sugi
- Tangem Card
- Arculus
...

No, but if my Chase Visa gets compromised and someone runs up thousands of dollars in charges it's not my problem beyond making a phone call and letting them know about it. A cold card is not a credit card, it's a security device. They added something to it to make it more convenient to use. Same as the camera on the passport. The odds of either being compromised are very very very....add many more very small. But they are not zero. And you don't need it. You need a screen. You need a way to input information. That's it.

You should really opt out from using smartphones and start using old mobile phones, use it only for calls, because you are increasing attack vectors a lot, and you are tracked 24/7.
I am not sure but I think that NFC technology is also found in sim cards and many other devices, so trying to escape from it is almost impossible.
I think that credit card is a kind of primitive security device, you have your PIN code and you can use it for payments or withdrawing money, it has security written all over it.
And you can't have zero attack vectors in any device, so nfc is just a less evil than other things

[n0nce]

Why why why do businesses keep adding things to security devices?

Did you stop using your credit cards or did you notice any major change or security issue with them since they added NFC support?
You can't even control that in your credit card, and I think hardware wallet could offer a way to turn it off if you don't want to use it.
Let's wait and see if NFC will be the thing to destroy ColdCard... oh how I wish that ledger added NFC first 

No, but if my Chase Visa gets compromised and someone runs up thousands of dollars in charges it's not my problem beyond making a phone call and letting them know about it. A cold card is not a credit card, it's a security device. They added something to it to make it more convenient to use. Same as the camera on the passport. The odds of either being compromised are very very very....add many more very small. But they are not zero. And you don't need it. You need a screen. You need a way to input information. That's it.

Once again IMO your views might vary.

-Dave

About the highlighted part: I actually think by now, that camera / QR code communication is one of the most secure ways, probably even better than moving an SD card around. The reason is that an SD card is pretty much the easiest thing for a PC virus to manipulate as soon as you plug it in. Every program on a computer has access to external media, in 99% of cases (also the case with SD-card based hardware wallets), while it's harder to tap into an open 'camera session' - even more so when using sandboxed mobile apps, which is probably the most common use case with such a device.

So it may actually be more secure to add a camera and remove the SD card ability than the other way around. Of course, the Passport has both so my argument doesn't really hold here, except if you just don't use the SD card feature altogether.

I want to point out here that I'm not a total fan of the Passport, it's just my only camera-capable hardware wallet at the moment. In fact, I would highly advise not (!!!) to buy one at the moment, at least not the first version, mostly because of the insanely fast battery drain problematic. I feel like I need to quickly finish my review, but it will all make more sense once you guys will read it.

You should really opt out from using smartphones and start using old mobile phones, use it only for calls, because you are increasing attack vectors a lot, and you are tracked 24/7.

Since we're already super off-topic anyway, here another topic idea: people who already tried or plan on trying to 'go back' to kind of pre-smartphone time. What I mean is: it should be pretty obvious that you lose tons of time on a smartphone daily; even though a few things are quicker / save time, most people spend a lot of time on them which could be better used. For example for educating, time with close friends and family and real hobbies. Most people don't even have a hobby these days; which is obvious if the average screen time is like 4h+ Of course for us cypherpunks it's also interesting to cut down on surveillance and data collection. But I think another thread would be cool for this topic! Might whip something up later.

[dkbit98]

About the highlighted part: I actually think by now, that camera / QR code communication is one of the most secure ways, probably even better than moving an SD card around.

I agree with you that camera + qr codes are safer option than using sd cards (that can be removed and replaced), but only if those codes can be verified easy.
If qr codes are done like in case of Safepal hardware wallet than you can't verify anything and you don't know exactly what you are transacting.
Keystone wallet is doing this the right way with open source, and I think it's similar with Passport wallet, maybe you can confirm that n0nce.

What I mean is: it should be pretty obvious that you lose tons of time on a smartphone daily; even though a few things are quicker / save time, most people spend a lot of time on them which could be better used.

There are much better ways to spend than messing with phones all the time, but I am not saying they are not useful and can be used even for bitcointak forum.
We made smartphones something like out third arm extension, and I saw people getting super scared when thinking they lost their smartphone, like their all life is located in that device.

Back on ColdCard topic, looks like they are preparing some new product called Coinkite cards (TapSigner, SatsCard), they should be cheap and multisig.
Maybe this will be competition for Satochip/Satodime or Tangem NFC cards, and they will probably launch this together with new ColdCard Mk4 wallet.
I just love new stuff coming out in HW world


https://coinkite.cards/

[DaveF]

So the Mk4 is now available for preorder at a lower price then the Mk3 from coldcard:

Mk4 Improvements
USB-C Connector
Unlimited Memory, no Bitcoin Transaction size restrictions
NFC Tap for all data types, PSBT, Address, etc...
New 2x secure elements design (multi vendor)
New plastic
Faster Processor
... and much more, details comming!

Link to preorder: https://store.coinkite.com/store/coldcard
Link to blurb about it: https://coldcard.com/docs/coldcard-mk4

I do like the 2x secure elements idea if it means that parts of the encrypted data are in 2 different locations with 2 different chips allowing for a bit more security.

-Dave

[dkbit98]

So the Mk4 is now available for preorder at a lower price then the Mk3 from coldcard:

That is one very sweet price with a nice discount EARLY-BIRD $40 Off and I think that you can get 5% more discount if you pay with Bitcoin, but this reservation price offer is available only for one day I think.
I see they did some small redesign, buttons are now not all rounded, type C connector, better processor, more RAM, controversial NFC added, and I first time I see any hardware wallet with two secure elements.
Screen looks a bit bigger and more clear to to me, plastic is less blurry and probably with better quality.
This also means that support for MK3 and older versions will not last for very long, but they say that production of MK3 will not stop yet.
I am interested to see how this new version compares in real life with MK3 and other airgap wallets like Keystone.
If you need to buy Bitcoin only hardware wallet this would be a better option than ledger or trezor, but I still prefer if they revert back to open source license (NVK can you hear me? )

[HCP]

I'm a little confused by the pre-order. It gives me the option to pay, but there doesn't seem to be any shipping costs. So, is that part of the pre-order deal that you get free shipping as well? Or are they going to come back in the future and ask for further payment for shipping?

If I try to purchase a Mk3, it gives me 3 different options (postal, Fedex or DHL)... but in the Mk4 pre-order, it skips over the shipping options straight to the payment option?

EDIT:
And sadly, it looks like the 5% off for BTC payment doesn't work with the pre-order:


Nothing subtracted and the amount of bitcoin it is asking for works out to US$109 (according to preev)

[dkbit98]

If I try to purchase a Mk3, it gives me 3 different options (postal, Fedex or DHL)... but in the Mk4 pre-order, it skips over the shipping options straight to the payment option?

This is only pre-order so you are just paying reservation for you Mk4 Coldcard wallet, they will probably notify you with email when shipping is ready and if you need to pay more for that.
At the moment free shipping option is only available if you spend $390 or more on Coinkite products, and I doubt they will send it for for worldwide, maybe it will be available for Canada and United States.
After adding five Coldcard Mk4 wallets in my Cart I got free delivery option for my order, but I won't complete that order.

I see people already complaining about NFC, so NKV is saying they can disable it manually by just scraping that little gold trace:
https://twitter.com/nvk/status/1436367391991242754

[HCP]

That's a little annoying if they're going to ask for shipping later... I suppose that one could reasonably expect the costs to be the same as for the current shipping on the Mk3, but you never really know. Especially given that there is no firm shipping dates as yet.

I've dropped a question in their Telegram channel to seek clarification, hopefully I get a reply before the $40 discount disappears.


EDIT: they have indeed confirmed that all you are paying for is reserving a device... so you will need to pay an additional amount for shipping when the device is ready to ship.

[dkbit98]

@HCP here is some more information and first look from the inside of the new Coldcard Mk4 hardware wallet ontheir  coinkite substack page.
You also have the answer to your question about shipping, they say it will be handled later when the device is ready for sending.

Coldcard Mk4 (announced in 2022)


https://coinkite.substack.com/p/coldcard-mk4-early-bird-reservation

And this is how ColdCard Mk3 looks from the inside, so we can notice some major design changes on PCB.
I was surprised when I found out that you can even purchase old and now insecure Coldcard Mk2 wallet on some websites like blockstream store for $99, and it's in stock  
https://store.blockstream.com/product/coldcard-mk2/

Coldcard Mk3 (announced in 2019)


Coldcard Mk2 (insecure because of old secure element ATECC508A)



Coldcard Mk1 (announced in 2017)

[n0nce]

I do like the 2x secure elements idea if it means that parts of the encrypted data are in 2 different locations with 2 different chips allowing for a bit more security.

Me too, I think the first time I see this! The concept is not new though: when setting up multisig with multiple hardware wallets, it's often recommended to use different wallets with different secure elements, since this is usually the only component not open source, so the one point that requires some trust. The trust is reduced though if ordering from different vendors, different factories and different production locations.
Hence I like having a wallet from the U.S., as well as something from Europe as an example!

[witcher_sense]

I see people already complaining about NFC, so NKV is saying they can disable it manually by just scraping that little gold trace:
https://twitter.com/nvk/status/1436367391991242754

Look at comments to the tweet. It's really funny that this little tiny scrap point that provides NFC functionality locates near an SD card slot. That means you can destroy it simply by accident by carelessly inserting your SD card. The developers seem to be telling you that you should make a choice between the two methods of air-gapped communication. You either use NFC functionality or SD card, but not both at the same time because the usage of the latter will likely result in crippling the former. Honestly, I can't think of any other reason why they made that design choice. It seems that developers don't care much about NFC itself, they are just following market trends, which is why they add features the market desires. If users started to destroy NFC chips for whatever reason, the developers are gonna be happy anyway since it would make their devices even more secure.

[n0nce]

I see people already complaining about NFC, so NKV is saying they can disable it manually by just scraping that little gold trace:
https://twitter.com/nvk/status/1436367391991242754

Look at comments to the tweet. It's really funny that this little tiny scrap point that provides NFC functionality locates near an SD card slot. That means you can destroy it simply by accident by carelessly inserting your SD card. The developers seem to be telling you that you should make a choice between the two methods of air-gapped communication. You either use NFC functionality or SD card, but not both at the same time because the usage of the latter will likely result in crippling the former. Honestly, I can't think of any other reason why they made that design choice. It seems that developers don't care much about NFC itself, they are just following market trends, which is why they add features the market desires. If users started to destroy NFC chips for whatever reason, the developers are gonna be happy anyway since it would make their devices even more secure.

Don't worry, you won't damage a PCB trace using a plastic microSD card, in my opinion. You really need to put a knife to it.
Not sure about the design choice either; seems a very odd place to put such 'fuse'. Only idea that comes to mind is that you may be able to scrape it without opening the device up; though it seems to me ColdCard is easy to open anyway.