Crypto wallets safeguard your private keys, which are required to validate any cryptocurrency transactions broadcast to a blockchain network. Before funds can actually be sent or spent from a wallet, the transaction must be digitally “signed” using its private key. The process of signing transactions is a fundamental wallet security feature that prevents unauthorized access to an individual’s crypto. Sometimes, for various reasons we’ll get into shortly, users may need additional wallet security. Multisignature wallets, or multisig wallets, require two or more private keys to authorize a transaction, adding another layer of protection against hackers and thieves. Ahead, we’ll get into what multisig wallets are and how they work, and talk about some of the use cases they unlock, plus how to create a multisig wallet yourself.
What is a multisig wallet?
Multisig wallets, also known as shared wallets, are a type of crypto wallet that requires two or more signatures to confirm and send a transaction. They allow more than one individual/device (or “copayer”) to share the same wallet while preventing unauthorized use by any one party. Unless the required number of copayers sign off on a transaction, no payments can be made from a multisig wallet. But when would you need to use a multisig wallet?
Security benefits of multisig wallets
If you’re following crypto safety best practices, you already know never to share your private key with anyone for any reason. But with a multisig wallet, even if one private key is compromised, it’s useless to the thief without the others required to sign a transaction, which means less risk of stolen funds. Multisig wallets also help protect against funds lost due to misplacing your seed phrase. When using a single-signature wallet, a lost seed phrase could render a wallet’s funds irretrievable. But with a multisig wallet, funds can still be recovered with the other seed phrases.
Situations when you can use a multisig wallet
Multisig wallets are useful in a variety of scenarios where a user (or users) wants added security.
Multi-party sign off for transactions
Multisig wallets are a great solution when multiple authorizations are required to make a payment in a business/workflow scenario. This ensures all parties are aligned on every payment that originates from the wallet.
Shared access to one wallet
Similar to a joint bank account, a multisig wallet shared by multiple users can allow access to a shared pool of funds.
Long term cold storage
Given the multiple signatures required and increased security, a multisig wallet makes sense as a place to store larger amounts of funds which won’t be touched very often. The “cold” in cold storage means your device never connects to the internet. In this use case, a “hot” wallet, or one that connects to the internet, holds a smaller amount of funds and is used for more frequent transactions.
Single user, multi-device security
Similar to multi-factor authentication, a multisig wallet requires multiple steps to send payments. Crypto users can implement a multi-signature process across multiple devices (ex: phone, computer, hardware wallet or paper wallet) to improve security against thieves and hackers. Even if one device is compromised, others are needed to approve payments.
Contingency for lost or damaged devices
If one recovery phrase is lost or destroyed, you may recover funds with another phrase.
Note: We’ll focus on the last three in this guide: cold storage, single-user security and contingency for lost/damaged devices.
How to get started with a multisig wallet
Whether you’re sharing a pool of crypto funds with another wallet copayer or just want some additional peace of mind, a self-custody multisig wallet could be an effective security solution for you. Getting started with a multisig wallet takes only a few steps.
Step 1: Decide on the number of signatures required to authorize transactions
The first decision to make when creating a multisig wallet is how many signatures are required out of the group in order to authorize a transaction. Multisig wallet transactions are often called “M-of-N transactions”, where M is a variable representing the number of signatures required and N represents the total number of keys. So for example, a 2-of-3 wallet has 3 total copayers, and at least two of them must sign off before a transaction can be executed. 2-of-3 is a common signature setup for a multisig wallet, but you can decide how many signatures are required out of the total number of copayers, for example, 3-of-5, 5-of-7, 5-of-5 and so on. Signatures can be made from devices controlled by separate parties or one single party controlling multiple devices/keys.
Step 2: Choose where each wallet will live
It’s best not to put all of your security eggs in one basket when it comes to your crypto keys, so it’s strongly advised to keep all of a multisig wallet’s private keys in different places, and even across different types of wallets if possible. For instance, one copayer’s key can be stored on a hardware wallet and another’s on a mobile or desktop wallet. Spreading keys out among different wallet types will make theft even more difficult.
Step 3: Create your wallet
The process for creating a multisig wallet will vary depending on the provider you choose, but you can quickly create a multisig wallet using the BitPay app by following these steps:
- Open the BitPay app
- Click on “Create, import or join a shared wallet” on the app home screen
- Select “Multisig Wallet”, then “Create a Shared Wallet”
- Select the currency, either Bitcoin, Bitcoin Cash, Dogecoin or Litecoin. (Note: Ethereum does not support multisig)
- Enter the wallet name
- Enter your name (this will be your copayer name)
- Select the number of copayers
- Select the number of required signatures
- Under the “Show Advanced Options” tab you can also choose to enable segwit (segregated witness), make the wallet a testnet wallet and/or choose to use one address rather than generating a new one with each transaction
- Click CREATE
- You’ll then have the option to record your recovery phrase. We strongly recommend backing this recovery phrase up! BitPay can’t restore your phrase or funds if this phrase is lost, stolen or destroyed. Remember, each copayer of the shared wallet will have their own recovery phrase.
- Share the address/QR code with the other devices joining the wallet.
Step 4: Secure your recovery phrases
A recovery phrase (or seed phrase) is a series of random words every newly created crypto wallet generates as a last line of defense against a lost or stolen private key. If a user loses access to their wallet, they can recover it by inputting the 12- or 24-word sequence verbatim, and in the exact same order they were given. That being said, it’s easy to see why a seed phrase should be protected with just as much rigor as your private key.
Seed phrases should never be stored on any device that can connect to the internet. If you want to follow wallet security best practices, this means securing your seed phrase offline and locked safely away. Remember, anyone who has your seed phrase can gain access to your funds, so every effort should be made to ensure it never ends up in the wrong hands.
Step 5: Practice using the wallet
Now that you’re all set up, it’s time to take that shiny new multisig wallet out for a test drive. You’ll want to familiarize yourself with its features and get comfortable with the process of sending and receiving transactions. This can be done right from the BitPay home screen.
- Select “Send” on the BitPay home screen
- Select the currency you’d like to send
- Choose your multisig wallet (if you have multiple wallets/keys)
- Scan or enter the receiving wallet address
- Enter the amount you’d like to send
- Review the transaction details and confirm the transaction
- A proposal for the transaction has now been created and needs to be confirmed by the number of copayers required by the wallet
- As another copayer (or on your other device), tap into your notifications section on the BitPay app home screen
- Tap onto the payment and slide to sign the selected transaction
- If necessary, repeat the above two steps until the required number of signatures is complete and the transaction is sent
- Proposed and sent transaction history can be reviewed by tapping into your multisig wallet details within the BitPay app
Best practices when using a multisig wallet
By now you should have a much better understanding of what multisig wallets are and how they are used. To conclude, let’s take a moment to revisit some of the best practices to follow when using a multisig wallet. This will help you get the most out of your multisig wallet and avoid a potentially costly security blunder.
Back up your wallets as soon as you create them
Backing up your Bitcoin wallet by generating and recording your recovery phrase will ensure your funds are recoverable even in the event of a lost or stolen private key or wallet device.
Create a payment protocol and stick with it
Once you’ve committed to a specific use for a wallet, it’s best not to deviate from the plan. For example, are you using it for long-term cold storage? Making major purchases? A crypto savings account? Keeping different wallets for different purposes makes it easier to keep your accounts and expenditures organized. All of your hot wallets can be managed simultaneously from the BitPay Wallet, including Coinbase accounts and self-custody wallets imported from other wallet providers.
Practice recovery before you need it for real
The worst time to learn your fire extinguisher doesn’t work is when your kitchen is on fire. That same idea can be applied to your seed phrase. You don’t want to find out you wrote down a wrong word or mixed up the order after you’ve already lost access to your wallet. Instead, it’s smart to do a trial recovery run to make sure your seed phrase is recorded accurately. Regularly check that your wallets’ phrases match what you’ve recorded. It’s a small thing, but it could save you a lot of panic and heartache in the event you lose access to your wallets.
Store recovery phrases in different locations
It’s a good general safety move to keep your wallet’s recovery phrase written down and kept somewhere secure. But what’s even more secure is keeping recovery phrases in different locations. You could keep one of the phrases in a hidden safe or lockbox at home and the other in a safety deposit box at the bank. That way even if someone broke into your house and managed to get inside your safe, they’d only have one of the signatures, which will not give them access to the wallet. Whatever you do, resist the temptation to store your recovery phrases digitally; it will always be less secure than good old-fashioned pen and paper.
Important! Don’t disclose your seed phrase to anyone unless you want to give them access to your funds. BitPay or any other reputable wallet provider will never ask for your seed phrase. If someone asks or requires access to your seed phrase for any reason, they are most likely deceiving you!
Anybody with your recovery phrase will be able to access your wallet and the funds it contains. This means that unless you want the person to have access to your funds, you should never share your seed phrase with anybody for any reason. It’s also critical to establish a plan that will ensure your partner, spouse or next-of-kin will be able to recover your funds if something unexpected happens to you. Otherwise your funds may be lost forever.
Set realistic expectations when creating a multisig wallet
Multisig wallets are a great security tactic to keep your funds safe. But you’ll also want to protect your funds from yourself. Most lost crypto is the result of human error. Establish a realistic protocol that you’ll be able to abide by and give yourself the flexibility for mishaps and mistakes. You’ll most likely want to create a wallet where the number of signatures required is less than the total number of copayers/devices (ex: 2-of-3, 3-of-4 or 3-of-5 instead of 2-of-2, 3-of-3 or 4-of-4). This will give you the flexibility to recover funds even if one device is compromised.
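To make the advice on thresholds and storage locations concrete, here is an added example (not from the original article or from BitPay) that checks a key-placement plan against incidents. It assumes each key exists as one or more copies (device or written recovery phrase) at named locations, that an incident at a location is treated both as a theft and as a loss of everything there, and all names are constructed.

```python
from itertools import combinations

def assess(m, copies, max_incidents=1):
    """Return (theft, lockout): location sets whose failure lets a thief
    reach M keys, or leaves the owner with fewer than M usable keys.

    copies maps each key to the locations holding a copy of it. A key is
    stolen if ANY copy is hit and lost only if ALL of its copies are hit.
    """
    locations = sorted({loc for locs in copies.values() for loc in locs})
    theft, lockout = [], []
    for r in range(1, max_incidents + 1):
        for hit in combinations(locations, r):
            hit_set = set(hit)
            stolen = sum(1 for locs in copies.values() if hit_set & set(locs))
            surviving = sum(1 for locs in copies.values() if set(locs) - hit_set)
            if stolen >= m:
                theft.append(hit)
            if surviving < m:
                lockout.append(hit)
    return theft, lockout

# Constructed plans. Each key: the device it lives on plus where its phrase is kept.
SPREAD_2_OF_3 = {
    "phone key": ["phone", "home safe"],
    "hardware wallet key": ["hardware wallet", "bank box"],
    "laptop key": ["laptop", "relative's safe"],
}
CLUSTERED_2_OF_3 = {  # all three recovery phrases kept in the same safe
    "phone key": ["phone", "home safe"],
    "hardware wallet key": ["hardware wallet", "home safe"],
    "laptop key": ["laptop", "home safe"],
}
NO_BACKUP_2_OF_2 = {  # every key required, no recovery phrase recorded
    "phone key": ["phone"],
    "hardware wallet key": ["hardware wallet"],
}

if __name__ == "__main__":
    for name, plan in [("spread 2-of-3", SPREAD_2_OF_3),
                       ("clustered 2-of-3", CLUSTERED_2_OF_3),
                       ("2-of-2, no backup", NO_BACKUP_2_OF_2)]:
        theft, lockout = assess(2, plan)
        print(f"{name}: theft via {theft or 'none'}, lockout via {lockout or 'none'}")
```

Raising `max_incidents` to 2 shows the trade-off of backups: each extra copy of a key protects against loss but adds another place from which that key can be stolen.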
Diversify wallet providers and devices
Using different device types and manufacturers is a smart way to protect your funds in the case of colossal failure. Buggy software updates, data breaches, recalls and widespread hacks happen. To hedge against these rare but potential issues, use a combination of iOS and Android devices, a variety of hardware wallet options or even different bank branches where sensitive information relating to your funds will be kept.