In traditional business, “key person risk” refers to when a company relies too much on one individual to succeed. Cryptocurrency businesses are prone to a very literal version of this risk when handling funds. The most infamous example may be QuadrigaCX, whose customers have been waiting nearly 3 years to recoup $115 million worth of deposits since the death of founder Gerald Cotten, the sole possessor of the cryptographic keys to the exchange’s wallet.
Fortunately, multisignature cryptocurrency wallets offer a built-in way to manage this sort of risk.
Multisignature wallets (or multisig, for short), are cryptocurrency wallets which require two or more private keys to sign and send a transaction. The storage method requires multiple cryptographic signatures (a private key’s unique fingerprint) to access the wallet.
Of course, multisig is not a panacea, as customers of OKEx learned last month, when the exchange suspended withdrawals, explaining (somewhat cryptically) that one of its key holders was cooperating with an investigation and had fallen “out of touch.” Without that key holder’s authorization, OKEx was unable to give customers their money back.
But properly used, multisig can mitigate the hazards of dealing with digital bearer assets where transactions are irreversible. What follows is an explainer of how mutisig works, why someone might want to use it, how it can go awry, and more.
Imagine a bank vault that requires more than one key to open: That’s a little how multisignature cryptocurrency wallets work (and why multisignature wallets are typically called vaults).
You can choose how many keys are allowed to open the vault as well as the minimum number of keys needed to unlock it (e.g., you could have a 2-of-3 multisig where two out of three assigned private keys are needed, 3-of-5, 5-of-7, etc).
It works like this: Justin, Vittie and Craig set up a multisignature crypto wallet where each holds one key and two of the three keys must be present to send a transaction. To make a payment, Justin would create a transaction and sign it with his key; he would then send this transaction to Vittie, who would sign it with her key. From here, Vittie can either send it back to Justin to finalize the transaction or send it to Craig for him to sign too (though this last step is not necessary, considering only two of the three keys are needed to unlock the wallet).
Typically, hardware wallets (namely, Trezor, Coldcard, and Ledger) are the go-to option for using a multisig setup since they are the safest way to store a private key. Once these wallets are combined into a multisig setup, they create an entirely new multisignature address that is independent of each individual hardware wallet.
For retail investors, multisignature wallets are commonly used to secure bitcoin, but you can also use them for ether and other cryptocurrencies.
Most notably, crypto exchanges, brokers/OTCs, investment funds and other crypto companies use multisignature storage to secure their cold storage funds. Exchanges, brokers, and the like distribute admin keys for their funds in order to distribute the risk; if a hacker wants access to their reserves, they’re going to need several keys to do so. Similarly, multisig ensures that no one person in the firm is able to unilaterally withdraw funds from the account. The more signatures you need to execute a transaction, the more distributed the decision-making process can be.
Other specific use-cases may involve setting up a shared account among family members (for, e.g., a trust or estate) or an escrow account (for, e.g., a bet or a sale of property). Relatively speaking, multisig is still a niche custody practice among cryptocurrency holders. Still, that doesn’t mean your typical crypto user doesn’t use it to custody their coins.
Multisig provides an extra layer of protection for cryptocurrencies holdings, but it’s not without risks.
For Bitcoin, multisignature wallet software has come a long way since the early days of Electrum (one of the earliest Bitcoin software wallets which was also one of the first to support multisig), but it’s still a complex process for less technically savvy users. The forthcoming Taproot upgrade, which will enrich Bitcoin’s scripting language to make coding smart contracts easier, will likely improve consumer-grade multisig software.
Each single-signature wallet has an associated seed phrase that allows a user to back up and recover their wallet. A multisig wallet, however, does not have this back-up mechanism; this is part of its design. So if you lose the majority of wallets in a multisig and the seed phrases for these wallets, then you lose access to the whole vault (of course, the same could be said for losing the device and seed phrase for a single-signature wallet).
Multisignature proponents argue that multisignature is the most secure and fail-proof way to store cryptocurrency. Even if a thief gets their hands on one of your wallets, for example, they still won’t be able to access your account without the keys to the other wallets in the setup.
Still, there are others who argue that the multisignature user experience is not simplified enough for average users, so only those who really know what they’re doing should bother with it.
Historically, multisignature wallets have been the domain of developers or hardcore Bitcoiners as they are difficult to set up from scratch. Luckily, today’s tenderfoot multisignature users have it easier than the trailblazers of yesteryear. Nowadays, there are wallet softwares that streamline the multisig setup process, as well as services that provide customer support and key management services (for instance, if an unwitting client loses a hardware wallet to the ether, the service has a key as backup).
For Bitcoin custody specifically, some popular multisig service providers with key management services include Blockstream, Casa and Unchained Capital. Other open-source, do-it-yourself multisig software includes Caravan, Electrum, Lily, Nunchuck and Specter, among others.
