Multisig: Multi-Signature Wallets
A standard Bitcoin wallet has a single point of failure: one seed phrase controls everything. If it's stolen, your bitcoin is gone. If it's lost, your bitcoin is gone.
Multisig (multi-signature) eliminates this vulnerability by requiring multiple keys to spend bitcoin.
What is Multisig?β
A multisig wallet requires multiple private keys to authorize a transaction. Instead of one key having complete control, you distribute control across several keys.
Think of it like a bank vault that requires two managers to turn their keys simultaneouslyβneither can open it alone.
The M-of-N Modelβ
Multisig uses an "M-of-N" structure:
- N = Total number of keys in the setup
- M = Number of keys required to sign
2-of-3 MULTISIG:
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
Total keys: 3
Required to spend: 2
Any combination of 2 keys can authorize a transaction.
Common Configurationsβ
| Setup | Required | Total | Use Case |
|---|---|---|---|
| 2-of-3 | 2 | 3 | Individual self-custody (most popular) |
| 3-of-5 | 3 | 5 | High-value holdings, organizations |
| 2-of-2 | 2 | 2 | Shared control (no fault tolerance) |
| 1-of-2 | 1 | 2 | Easy access from multiple locations |
How It Worksβ
Creating a Multisig Walletβ
- Generate 3 separate private keys (usually on 3 hardware wallets)
- Extract the public key (xpub) from each device
- Combine the xpubs in coordinator software to create the multisig wallet
- The wallet can now receive bitcoin
Spending from a Multisig Walletβ
- Create an unsigned transaction (called a PSBT)
- Sign with Device 1 β Transaction is still incomplete
- Sign with Device 2 β Transaction is now valid
- Broadcast the fully-signed transaction
SIGNING FLOW:
ββββββββββββββββββββββββββββ��ββββββββββββββββββββββββ
PSBT (Unsigned Transaction)
β
βββββββββββ΄ββββββββββ
βΌ βΌ
βββββββββββ βββββββββββ
β Device 1β β Device 2β
β Signs β β Signs β
ββββββ¬βββββ ββββββ¬βββββ
β β
βββββββββββ¬ββββββββββ
βΌ
Fully Signed Transaction
β
βΌ
Broadcast to Network
Why Use Multisig?β
Eliminates Single Points of Failureβ
| Scenario | Single-Sig | 2-of-3 Multisig |
|---|---|---|
| One key stolen | Funds lost | Safe (thief needs 2 keys) |
| One key lost | Funds lost forever | Safe (2 remaining keys work) |
| House fire destroys backup | Funds lost | Safe (other locations have keys) |
| Coerced to hand over key | Funds lost | Safe (can't access other keys) |
Security Through Distributionβ
With multisig, your bitcoin security doesn't depend on any single thing:
SINGLE-SIG:
ββββββββββββββββββ
One seed phrase β Full control β Single point of failure
MULTISIG (2-of-3):
ββββββββββββββββββ
Key 1 (Home) ββ
Key 2 (Office) ββΌββ Need ANY 2 to spend
Key 3 (Safe) ββ
One key compromised β funds lost
The Tradeoffsβ
Advantagesβ
- Theft protection β Attacker needs multiple keys
- Loss protection β Can lose one key and still recover
- Inheritance β Can distribute keys to family
- Shared control β Multiple parties must agree to spend
Disadvantagesβ
- More complexity β More things to back up and manage
- Higher fees β Multisig transactions are larger
- More points of failure β Must back up descriptor AND seeds
- Slower transactions β Need multiple devices to sign
The Complexity Warningβ
Multisig adds complexity that can lead to permanent fund loss if mismanaged:
- You must back up the wallet descriptor (not just seed phrases)
- You must test recovery before depositing significant funds
- You need secure storage for multiple seeds in different locations
If you're not comfortable with single-sig hardware wallets yet, master that first.
When to Consider Multisigβ
Good Candidatesβ
- β Significant holdings you'd be devastated to lose
- β Long-term "vault" storage (not daily spending)
- β Business funds requiring multiple approvals
- β Inheritance planning scenarios
- β Access to multiple secure storage locations
Not Necessary Forβ
- Small amounts (under ~$10,000)
- Daily spending funds
- Users still learning basic self-custody
- Those without multiple secure storage locations
Key Componentsβ
Hardware Walletsβ
Each key lives on a separate hardware wallet. Recommended: use devices from different manufacturers to avoid single-vendor vulnerabilities.
Coordinator Softwareβ
Software like Sparrow, Nunchuk, or Specter:
- Creates the multisig configuration
- Generates receive addresses
- Creates unsigned transactions
- Combines signatures
Wallet Descriptorβ
A text string containing:
- All public keys (xpubs)
- The M-of-N policy
- Script type and derivation paths
The wallet descriptor is as important as your seed phrases. Without it, you cannot reconstruct your multisig walletβeven with all seeds.
Collaborative Custodyβ
Some services offer "assisted" multisig where they hold one key:
| Service | Model | You Hold | They Hold |
|---|---|---|---|
| Unchained | 2-of-3 | 2 keys | 1 key |
| Casa | 2-of-3 or 3-of-5 | 2+ keys | 1 key |
| Nunchuk | Flexible | Your choice | Optional |
Benefits: Professional backup, inheritance support, recovery assistance
Tradeoff: Third party involved (though they can't spend without you)
Key Takeawaysβ
- Multisig requires multiple keys to spend bitcoin
- 2-of-3 is the most popular individual setup
- Eliminates single points of failure for both theft and loss
- Adds complexityβmore things can go wrong
- Wallet descriptor backup is critical (not just seeds)
- Best for significant, long-term holdings
- Master single-sig first before attempting multisig
Ready to Build It? Step-by-Step Setupβ
If you understand the concepts above and want to implement a 2-of-3 multisig, the following sections walk you through the full DIY setup with Sparrow Wallet.
- Set up 3 hardware wallets for multisig
- Create a 2-of-3 multisig wallet in Sparrow
- Properly back up seed phrases and wallet descriptor
- Test your recovery procedure
β±οΈ Time required: 2-3 hours π Difficulty: Intermediate to Advanced π° Estimated cost: $200-450 (3 hardware wallets) + $30-60 (metal seed backups)
Choosing Your Configurationβ
2-of-3: The Sweet Spotβ
For most individuals, 2-of-3 multisig offers the best balance:
Advantages:
- Lose 1 key β Still have access (fault tolerance)
- 1 key stolen β Funds still safe (theft protection)
- Manageable complexity (3 backups, 3 devices)
- Lower transaction fees than 3-of-5
3-of-5: Maximum Securityβ
For very large holdings or organizations:
Advantages:
- Can lose 2 keys and still access funds
- 2 keys can be stolen without fund loss
- Good for distributed teams/families
Disadvantages:
- 5 devices to purchase and manage
- 5 seed phrases to secure (10 locations if you separate!)
- Higher transaction fees
- More coordination for signing
2-of-2: Shared Control (Use Carefully)β
β οΈ Not recommended for most users
- No redundancy β lose 1 key, lose everything
- Both parties must be available to spend
- Use only for specific shared-custody scenarios
DIY vs. Collaborative Custodyβ
Don't want to manage all keys yourself? Collaborative custody providers hold one key while you hold the majority.
| Service | Free Tier | Paid Plans | Best For |
|---|---|---|---|
| Unchained | Yes (2-of-3) | From $0 + per-sign fee | Financial services, loans |
| Casa | Basic wallet | From $30/month | Beginners, inheritance |
| Nunchuk | Yes | From $15/month | Privacy, flexibility |
| Factor | DIY Multisig | Collaborative Custody |
|---|---|---|
| Technical skill needed | High | Low-Medium |
| Privacy | Maximum | Provider sees balances |
| Support available | Community only | Professional help |
| Ongoing cost | One-time (hardware) | Monthly subscription |
| Recovery assistance | You're on your own | Help available |
| Best for | Technical users | Beginners, busy people |
Recommendation:
- New to multisig? Start with collaborative custody to learn the concepts
- Technical and privacy-focused? DIY with Sparrow Wallet
- Significant holdings but not technical? Collaborative custody is worth the cost
Common Multisig Mistakesβ
Mistake 1: Not Backing Up the Wallet Descriptorβ
Problem: You have all 3 seed phrases but can't reconstruct the wallet.
Solution: Store the wallet descriptor (as PDF, file, or printed) with each seed phrase backup.
Mistake 2: Storing Multiple Seeds Togetherβ
Problem: A single theft or disaster compromises multiple keys.
Solution: Geographic distribution β each seed in a different location.
Mistake 3: Using the Same Hardware Wallet Brandβ
Problem: A firmware vulnerability affects all your signing devices.
Solution: Mix manufacturers (e.g., Coldcard + Trezor + Keystone).
Mistake 4: Not Testing Recoveryβ
Problem: You think your backup works but haven't verified it.
Solution: Practice recovery with a small amount before depositing significant funds.
Mistake 5: Overcomplicating the Setupβ
Problem: 5-of-7 multisig across 3 continents with time locks...
Solution: Start simple. 2-of-3 is sufficient for most individuals.
Mistake 6: Not Verifying Addresses on Devicesβ
Problem: Malware could show you a fake address on your computer.
Solution: Always verify receive addresses on your hardware wallet screens before depositing.
Security Checklistβ
Before depositing significant funds, verify:
- Each hardware wallet is from a different manufacturer (recommended)
- Each seed phrase is backed up on metal (fire/water resistant)
- Seed phrases are stored in separate physical locations
- Wallet descriptor is backed up (multiple copies in different locations)
- You've verified a receive address matches on at least 2 hardware wallets
- You've successfully completed a test transaction (send and receive)
- You've practiced full wallet recovery from backups
- You understand you need M keys to spend (not just one)
- Hardware wallets are registered with the multisig configuration