In traditional business, “key person risk” refers to when a company relies too much on one individual to succeed. Cryptocurrency businesses are prone to a very literal version of this risk when handling funds. The most infamous example may be QuadrigaCX, whose customers have been waiting nearly three years to recoup $115 million worth of deposits since the death of founder Gerald Cotten, the sole possessor of the cryptographic keys to the exchange’s wallet.
Fortunately, multisignature cryptocurrency wallets offer a built-in way to manage this sort of risk.
Multisignature wallets (or multisig, for short), are cryptocurrency wallets that require two or more private keys to sign and send a transaction. The storage method requires multiple cryptographic signatures (a private key’s unique fingerprint) to access the wallet.
Of course, multisig is not a panacea, as customers of OKEx learned last month, when the exchange suspended withdrawals, explaining (somewhat cryptically) that one of its key holders was cooperating with an investigation and had fallen “out of touch.” Without that key holder’s authorization, OKEx was unable to give customers their money back.
But properly used, multisig can mitigate the hazards of dealing with digital bearer assets where transactions are irreversible. What follows is an explainer of how mutisig works, why someone might want to use it, how it can go awry, and more.
How does a multisignature crypto wallet work?
Imagine a bank vault that requires more than one key to open: That’s a little how multisignature cryptocurrency wallets work (and why multisignature wallets are typically called vaults).
You can choose how many keys are allowed to open the vault as well as the minimum number of keys needed to unlock it (e.g., you could have a 2-of-3 multisig where two out of three assigned private keys are needed, 3-of-5, 5-of-7, etc.).
It works like this: Justin, Vittie and Craig set up a multisignature crypto wallet where each holds one key and two of the three keys must be present to send a transaction. To make a payment, Justin would create a transaction and sign it with his key; he would then send this transaction to Vittie, who would sign it with her key. From here, Vittie can either send it back to Justin to finalize the transaction or send it to Craig for him to sign, too (though this last step is not necessary, considering only two of the three keys are needed to unlock the wallet).
Typically, hardware wallets (namely, Trezor, Coldcard and Ledger) are the go-to option for using a multisig setup because they are the safest way to store a private key. Once these wallets are combined into a multisig setup, they create an entirely new multisignature address that is independent of each individual hardware wallet.
When would someone use a multisignature crypto wallet?
Most notably, crypto exchanges, brokers/OTCs, investment funds and other crypto companies use multisignature storage to secure their cold storage funds. Exchanges, brokers and the like distribute admin keys for their funds in order to distribute the risk; if hackers want access to their reserves, they’re going to need several keys to do so. Similarly, multisig ensures no one person in the firm is able to unilaterally withdraw funds from the account. The more signatures you need to execute a transaction, the more distributed the decision-making process can be.
Other specific use cases may involve setting up a shared account among family members (for, e.g., a trust or estate) or an escrow account (for, e.g., a bet or a sale of property). Relatively speaking, multisig is still a niche custody practice among cryptocurrency holders. Still, that doesn’t mean your typical crypto user doesn’t use it to custody their coins.
When multisig goes wrong
Multisig provides an extra layer of protection for cryptocurrencies holdings, but it’s not without risks.
For Bitcoin, multisignature wallet software has come a long way since the early days of Electrum (one of the earliest Bitcoin software wallets, which was also one of the first to support multisig), but it’s still a complex process for less technically savvy users. The forthcoming Taproot upgrade, which will enrich Bitcoin’s scripting language to make coding smart contracts easier, will likely improve consumer-grade multisig software.
Each single-signature wallet has an associated seed phrase that allows users to back up and recover their wallets. A multisig wallet, however, does not have this backup mechanism; this is part of its design. So if you lose the majority of wallets in a multisig and the seed phrases for these wallets, then you lose access to the whole vault (of course, the same could be said for losing the device and seed phrase for a single-signature wallet).
Should I use multisig?
Multisignature proponents argue that multisignature is the most secure and fail-proof way to store cryptocurrency. Even if a thief gets his hands on one of your wallets, for example, they still won’t be able to access your account without the keys to the other wallets in the setup.
Still, there are others who argue the multisignature user experience is not simplified enough for average users, so only those who really know what they’re doing should bother with it.
How do I set up a multisignature wallet?
Historically, multisignature wallets have been the domain of developers or hardcore Bitcoiners because they are difficult to set up from scratch. Luckily, today’s tenderfoot multisignature users have it easier than the trailblazers of yesteryear. Nowadays, there are wallet softwares that streamline the multisig setup process, as well as services that provide customer support and key management services. (For instance, if an unwitting client loses a hardware wallet to the ether, the service has a key as backup.)
For Bitcoin custody specifically, some popular multisig service providers with key management services include Blockstream, Casa and Unchained Capital. Other open-source, do-it-yourself multisig software includes Caravan, Electrum, Lily, Nunchuk and Specter, among others.