As you dive deeper into Bitcoin and self-custody, safeguarding your funds becomes a top priority. Relying on a wallet backup can feel risky, knowing that a single list of words holds the key to your funds. This is called a single point of failure, and there are several ways you can reduce this risk.
Multisig, short for multiple signatures, is a method of securing a wallet by requiring approval from multiple private keys stored on separate devices when sending transactions. While Trezor recommends SLIP39 wallets as a simpler yet equally robust alternative in terms of backups (more on that later), Trezor devices are fully compatible with multisig setups, allowing you to choose the option that best fits your needs.
Multisig wallets have been widely used in the Bitcoin community since their introduction in 2012. Prominent figures like Andreas Antonopoulos and Jameson Lopp have dedicated years to educating others about multisig wallets and their advantages, making multisig a pillar of many Bitcoiners’ security strategies.
Multisig setups are especially popular with users who are ready to take their security a step further. A multisig wallet can protect you from losing access to your funds if your device or wallet backup is lost.
You can set up multisig independently or use a service like Casa, which can assist in managing the setup and holding some of the keys.
Transactions using a multisig wallet require approval from multiple devices. Here’s how it works:
Start the transaction in your wallet software. Use wallets like Electrum, Sparrow, or Casa (a paid service).
Important: If you’re using Electrum, Sparrow or any other non-custodial wallet, you’ll need the extended public key (XPUB) for each key in your keyset, not just the keys required to sign. If you do not have the XPUB for every single key used to set up the wallet, you will not be able to send your transaction or access your wallet. Paid services like Casa store your XPUBs as well as some keys for you, simplifying the process and reducing the likelihood of user error.
Sign the transaction from multiple devices. Each participating device needs to approve the transaction.
Send the transaction once enough devices have signed. The transaction will be broadcast to the blockchain.
Multisig is a diverse wallet type that can be applied many different ways. In principle, it’s just a series of wallets that need to collaborate to unlock access to funds. Lets look some the different types of multisig setups.
Multisig wallets allow for flexible setups. One of the most popular configurations is 2-of-3:
You should choose your setup based on your personal needs. Most users find 2-of-3 or 3-of-5 setups to be secure without being overly complex.
If you start with a 2-of-3 setup and decide to move to a 3-of-5, you will need to move your funds to a brand new multisig wallet. For more information about this, please read the section called Lost/compromised keys & key rotations.
Although Trezor Suite doesn’t support multisig wallets directly, you can create multisig wallets using desktop wallets like Electrum. Learn more about this process here.
For many users, managing a multisig wallet independently can be challenging. Multisig setups are complex. There’s a higher risk of errors that could result in lost access, and securely distributing keys across multiple locations can be difficult.
For a comprehensive tutorial on setting up Trezor with Electrum and creating a multisig wallet, please watch the following video:
Services like Casa (compatible with Trezor devices) offer a simpler solution. With Casa, a third party holds some of the keys, allowing you to benefit from multisig security without managing all the keys yourself. This “hybrid” approach can be a good option for those who want multisig security but aren’t fully comfortable with the setup process or the full responsibility of managing every one of their keys and their XPUBs.
One of the advantages here is that the custodian is not able to access your funds without your key. For example, in a Casa 2-of-3 setup, Casa holds one key, one key is stored in the cloud storage of your mobile device, and one key is stored on your hardware wallet.
In practice, this means that if you lose your hardware wallet and backup, you collect the key managed by Casa and the key stored in your cloud and have a second option to access your funds.
Another benefit of using Casa is the ability to set up inheritance planning. Multisig wallets can be complex and difficult for beneficiaries to manage if something happens to the wallet owner, but Casa simplifies this process to ensure funds are accessible.
These services vary in cost depending on the complexity of your setup and level of service they provide, so it’s important to decide if the added convenience and shared custody are worth it for you.
Imagine you and two colleagues run a business, and your Bitcoin earnings are stored on an exchange. Recognizing the risks—hacks, frozen accounts, or exchange shutdowns—you decide to move your funds into a multisig wallet for greater security and control.
You set up a 2-of-3 multisig wallet, where three unique keys are created, and any two are required to approve a transaction. Each of you holds one key, with backups stored in secure, separate locations. This setup is ideal for scenarios where collaboration is required for financial decisions:
One of your colleagues loses their key. With a 2-of-3 setup, the other two keys can still approve transactions (assuming all three XPUBs are accessible) and you can create a new multisig wallet to rotate the lost key out, ensuring your funds remain secure.
No single person can unilaterally access or move funds, preventing unauthorized transactions if one keyholder’s credentials are compromised.
If one partner is traveling or unreachable, the remaining two can still manage business expenses or approve critical transactions.
A multisig wallet not only adds a layer of security but also promotes shared accountability. For businesses or groups managing shared funds, it’s a practical way to reduce a single point of failure and secure funds.
Multisig is a secure way to store your Bitcoin, as it removes the risk of a single point of failure. By requiring multiple keys to authorize a transaction, it provides protection against losing access to your funds from human error or a stolen wallet backup. However, managing multiple keys adds complexity and introduces additional risks if not handled carefully.
For instance, if you lose your extended public key (XPUB), you won’t be able to send transactions, even if you still have enough private keys to meet the threshold.
While multisig is a powerful tool for distributing risk, we recommend starting with a SLIP39/Shamir backup if you’re new to managing multiple sources of backup information. SLIP39 is easier to work with, and it allows you to upgrade your setup without the need to move your funds, and does not require you to manage any XPUBs.
Multisig can be compared to SatoshiLabs’ SLIP39 standard. Both methods help distribute risk and avoid a single point of failure. However, multisig is a more advanced setup that typically requires technical knowledge or trusting a third party with some of your keys. SLIP39, on the other hand, is simpler to set up, requires only one hardware wallet, and is the standard backup method for newer Trezor devices.
The key difference lies in their purpose and application:
If you need multiple people to approve transactions, multisig is likely the better option. But if you’re an individual looking to add extra security by reducing a single point of failure, we recommend using a SLIP39 Shamir backup.
In a multisig wallet, transaction fees are determined by the size of the transaction in bytes, rather than the amount of Bitcoin being sent. Since multisig setups involve multiple keys, signatures, and scripts, they generate more data for each transaction. Here’s why this matters:
Multisig users should be especially cautious during periods of high network congestion, as fees can rise dramatically. For example, consolidating multiple UTXOs in a multisig wallet during a busy period can result in very high fees.
SLIP39 (Shamir backup) operates differently because it is a backup and recovery system, not an active part of the transaction process.
Here’s how SLIP39 avoids the fee implications of multisig:
Key rotation is an essential part of maintaining a secure multisig setup over time. It involves replacing one or more keys in your multisig wallet without compromising access to your funds. This process can be necessary for various reasons, such as a lost or compromised key, routine security updates, or simply upgrading to newer hardware or a new multisig setup, such as changing a 2-of-3 to a 3-of-5.
In a multisig wallet, each key is critical to the security of your funds. If you lose a key or suspect it may be compromised, you should immediately rotate that key to ensure the integrity of your setup. This means creating a new key, adding it to your multisig wallet, and removing the old one. Unfortunately, this process typically requires creating an entirely new multisig wallet and transferring your funds to it, as most wallet software does not support in-place key replacement for security reasons.
Key rotation can also be a proactive measure to enhance security. For example, if you are using older hardware or software that may no longer meet modern security standards, replacing those keys ensures your setup remains resilient against emerging threats.
Best practices for key rotations:
If key rotation seems overwhelming, consider starting with a SLIP39 Shamir backup, which allows you to upgrade your setup or replace shares without moving funds. While key rotations are a vital part of maintaining multisig wallets, they require careful planning and execution to avoid mistakes that could result in loss of funds.
If you lose one key in a multisig setup, you should still be able to recover your funds, as long as the number of required signatures (threshold) is lower than the total number of keys and you have the XPUBs of every single key. However, losing a key reduces your margin of safety, so it’s best to move your funds to a new wallet with fresh keys immediately (see the above section about key rotation).
You can use your Trezor device as a key in a multisig setup; however, Trezor Suite does not directly support managing multisig wallets.
To set up and manage a multisig wallet with your Trezor, you’ll need to use a third-party wallet such as Electrum or Casa, which are compatible with Trezor devices and support multisig configurations.
Managing a multisig wallet independently requires diligence. You’ll need to maintain multiple hardware devices and backups, keep firmware up to date, and ensure that your backups are accessible in case firmware updates wipe a device. Additionally, you’ll need to store each device’s extended public keys (XPUBs) to enable signing transactions, which adds to the complexity. Even if you have all your private keys, without your XPUB, you will not be able to send a transaction!
No, moving to a multisig wallet requires creating a new wallet with new keys and transferring your funds there. However, if you’re using a SLIP39 Single-share Backup, you can easily upgrade to a SLIP39 Multi-share Backup without moving your funds.
While technically possible, using SLIP39 Multi-share Backups as individual keys in a multisig setup is not recommended, as it adds significant complexity and increases the risk of setup errors.
Multisig wallets are identifiable on-chain. You can recognize potential multisig Bitcoin addresses by their format and script.
However, it’s important to note that not all addresses that start with 3 or bc1 are multisig addresses. Multisig wallets use special scripts that specify spending conditions, such as requiring multiple signatures. You can confirm if an address is multisig by inspecting its script or related transactions using tools like Bitcoin Core or blockchain explorers, which show the multiple signature requirements.
Security is your top priority when managing a multisig wallet. Here are some key tips to help you protect your funds and keep your multisig setup safe:
Multisig wallets offer enhanced security but are complex to set up and require a certain level of technical skill. If you’re new to Bitcoin but interested in using a multisig wallet, it’s entirely possible with some guidance. Genereally, these setups are most appropriate for groups of people who need to control a wallet collectively, such as in the case of a business or corporate treasury.
Services like Casa can help you set up a multisig wallet, with Casa holding some of the keys. This approach provides a good mix of self-custody and support, allowing you to use your Trezor device with a Casa wallet while benefiting from their personal assistance. These are paid services, making them a useful option for those looking to reduce private key risks with a bit of external help.
For users interested in handling their multisig wallets independently but concerned about the technical aspects of multisig, SatoshiLabs’ SLIP39 backup standard might be a simpler alternative. SLIP39 offers many of the security benefits of multisig by reducing single points of failure, with additional advantages:
To learn more about SLIP39 and how it compares to multisig, check out our articles on Single-share and Multi-share Backup options.
Multisig is a powerful tool for enhancing the security of your Bitcoin by requiring multiple keys to authorize transactions. It significantly reduces the risk of losing access to your funds due to a single point of failure, making it an excellent choice for those ready to take their self-custody setup to the next level. However, the added complexity of managing multiple keys, devices, and backups means it may not be ideal for everyone, especially beginners.
If you’re new to self-custody, consider starting with a SLIP39 Multi-share Backup. It offers similar protection against single points of failure while being easier to set up and manage. As you gain confidence and experience, you can explore whether multisig fits your specific needs for added security and key distribution.
Ultimately, the choice between multisig and SLIP39 comes down to your individual requirements, level of technical comfort, and the balance you want between convenience and security. Whatever you choose, Trezor devices are here to support your journey toward empowerment through self-custody!