Multisignature Wallets Can Keep Your Coins Safer (If You Use Them Right)
In traditional business, “key person risk” refers to when a company relies too much on one individual to succeed. Cryptocurrency businesses are prone to a very literal version of this risk when handling funds. The most infamous example may be QuadrigaCX, whose customers have been waiting nearly 3 years to recoup $115 million worth of deposits since the death of founder Gerald Cotten, the sole possessor of the cryptographic keys to the exchange’s wallet.
Fortunately, multisignature cryptocurrency wallets offer a built-in way to manage this sort of risk.
Multisignature wallets (or multisig, for short) are cryptocurrency wallets that require two or more private keys to sign and send a transaction. The storage method requires multiple cryptographic signatures (a private key’s unique fingerprint) to access the wallet.
Of course, multisig is not a panacea, as customers of OKEx learned last month, when the exchange suspended withdrawals, explaining (somewhat cryptically) that one of its key holders was cooperating with an investigation and had fallen “out of touch.” Without that key holder’s authorization, OKEx was unable to give customers their money back.
But properly used, multisig can mitigate the hazards of dealing with digital bearer assets where transactions are irreversible. What follows is an explainer of how multisig works, why someone might want to use it, how it can go awry, and more.
How does a multisignature crypto wallet work?
Imagine a bank vault that requires more than one key to open: That’s a little how multisignature cryptocurrency wallets work (and why multisignature wallets are typically called vaults).
You can choose how many keys are allowed to open the vault as well as the minimum number of keys needed to unlock it (e.g., you could have a 2-of-3 multisig where two out of three assigned private keys are needed, 3-of-5, 5-of-7, etc.).
It works like this: Justin, Vittie and Craig set up a multisignature crypto wallet where each holds one key and two of the three keys must be present to send a transaction. To make a payment, Justin would create a transaction and sign it with his key; he would then send this transaction to Vittie, who would sign it with her key. From here, Vittie can either send it back to Justin to finalize the transaction or send it to Craig for him to sign too (though this last step is not necessary, considering only two of the three keys are needed to unlock the wallet).
Typically, hardware wallets (namely, Trezor, Coldcard, and Ledger) are the go-to option for using a multisig setup since they are the safest way to store a private key. Once these wallets are combined into a multisig setup, they create an entirely new multisignature address that is independent of each individual hardware wallet.
When would someone use a multisignature crypto wallet?
For retail investors, multisignature wallets are commonly used to secure bitcoin, but you can also use them for ether and other cryptocurrencies.
Most notably, crypto exchanges, brokers/OTCs, investment funds and other crypto companies use multisignature storage to secure their cold storage funds. Exchanges, brokers, and the like distribute admin keys for their funds in order to distribute the risk; if a hacker wants access to their reserves, they’re going to need several keys to do so. Similarly, multisig ensures that no one person in the firm is able to unilaterally withdraw funds from the account. The more signatures you need to execute a transaction, the more distributed the decision-making process can be.
Other specific use-cases may involve setting up a shared account among family members (for, e.g., a trust or estate) or an escrow account (for, e.g., a bet or a sale of property). Relatively speaking, multisig is still a niche custody practice among cryptocurrency holders. Still, that doesn’t mean your typical crypto user doesn’t use it to custody their coins.
When multisig goes wrong
Multisig provides an extra layer of protection for cryptocurrency holdings, but it’s not without risks.
For Bitcoin, multisignature wallet software has come a long way since the early days of Electrum (one of the earliest Bitcoin software wallets which was also one of the first to support multisig), but it’s still a complex process for less technically savvy users. The forthcoming Taproot upgrade, which will enrich Bitcoin’s scripting language to make coding smart contracts easier, will likely improve consumer-grade multisig software.
Each single-signature wallet has an associated seed phrase that allows a user to back up and recover their wallet. A multisig wallet, however, does not have this back-up mechanism; this is part of its design. So if you lose the majority of wallets in a multisig and the seed phrases for these wallets, then you lose access to the whole vault (of course, the same could be said for losing the device and seed phrase for a single-signature wallet).
Should I use multisig?
Multisignature proponents argue that multisignature is the most secure and fail-proof way to store cryptocurrency. Even if a thief gets their hands on one of your wallets, for example, they still won’t be able to access your account without the keys to the other wallets in the setup.
Still, there are others who argue that the multisignature user experience is not simplified enough for average users, so only those who really know what they’re doing should bother with it.
How do I set up a multisignature wallet?
Historically, multisignature wallets have been the domain of developers or hardcore Bitcoiners as they are difficult to set up from scratch. Luckily, today’s tenderfoot multisignature users have it easier than the trailblazers of yesteryear. Nowadays, there are wallet software packages that streamline the multisig setup process, as well as services that provide customer support and key management services (for instance, if an unwitting client loses a hardware wallet to the ether, the service has a key as backup).
For Bitcoin custody specifically, some popular multisig service providers with key management services include Blockstream, Casa and Unchained Capital. Other open-source, do-it-yourself multisig software includes Caravan, Electrum, Lily, Nunchuck and Specter, among others.