Multisig Wallets Explained for Beginners

A single seed phrase is one piece of paper between you and a six-figure loss. Lose it, burn it, leave it in the wrong hotel safe — same outcome. Crypto’s worst design flaw is that any single key controls everything.

Multisig fixes that. It’s the security upgrade that institutions use, that DAOs run their treasuries on, and that maybe three retail traders I know personally have actually set up for themselves. This post explains what it is, when it makes sense, and the step-by-step for setting one up. Some links here are affiliate. I’ll flag them.

Short answer: A multisig wallet requires multiple signatures (private keys) to authorise a transaction. The most common setup is 2-of-3 — three keys exist, any two of them are needed to move funds. This means a stolen key, a lost key, or a single compromised device doesn’t drain the wallet. Gnosis Safe (now branded just “Safe”) is the dominant multisig platform on Ethereum and EVM chains. Multisig makes sense for holdings above £25,000-£50,000, for shared treasuries, and for inheritance planning. Below that threshold the complexity rarely justifies the security upgrade.


Key takeaways

  • Multisig means “multiple signatures” — a wallet that requires m signatures out of n total keys to move funds.
  • 2-of-3 is the default for most personal setups: three keys, any two of them sign, single point of failure removed.
  • Gnosis Safe (Safe) is the dominant multisig on Ethereum and EVM chains. It secures over $100 billion in DAO treasuries and institutional holdings according to publicly available analytics from the Safe team.
  • Multisig adds gas costs and operational friction — every transaction requires coordination between signers.
  • A multisig pairs well with hardware wallets — each signer is a separate Ledger or Trezor, no single device holds all the keys.

What multisig actually is (m-of-n explained simply)

A standard crypto wallet has one private key. Whoever holds the key controls the funds. End of story.

A multisig wallet has multiple private keys. A rule (encoded in a smart contract or in the wallet itself) sets how many of those keys are needed to authorise a transaction. The format is “m-of-n”:

  • n = the total number of keys
  • m = the number of those keys required to sign

Common configurations

  • 2-of-2: Both keys needed for every transaction. Maximum security, but if either key is lost, the funds are stuck. Used for joint accounts where both parties must always agree.
  • 2-of-3: Three keys, any two can authorise. The most popular setup. Lose one key — still safe. Compromise one key — funds don’t move. This is the default for personal use, family setups, and small treasuries.
  • 3-of-5: Five keys, three required. Used by larger treasuries where multiple stakeholders share authority and no single party should be able to combine with one other to move funds.
  • 4-of-7 / 5-of-9 / etc.: DAO treasuries and large institutional setups. Distributed across multiple jurisdictions and individuals.

Why m-of-n matters

The key insight is the asymmetric protection. With 2-of-3:

  • An attacker who compromises one key still can’t move funds (needs two)
  • A user who loses one key still controls the funds (has two)

Neither failure mode wipes the wallet. That’s the entire pitch.


When multisig makes sense (size + governance threshold)

The honest answer: not for everyone. Multisig adds operational friction, gas costs, and complexity. Below a certain threshold, a hardware wallet with a strong seed-backup strategy is enough.

When it’s worth it

  • Holdings above £25,000-£50,000. This is the rough threshold where the protection upgrade justifies the friction.
  • Shared funds. Family money, business accounts, DAO treasuries, anything where more than one person needs authorisation.
  • Inheritance planning. Multisig with keys distributed to trusted parties means the funds aren’t lost if you’re incapacitated.
  • DAO and protocol treasuries. Anything where transparency and multi-party control are governance requirements.
  • High-value cold storage. When the alternative is one seed phrase in one safe, distributing the trust across multiple keys removes the single point of failure.

When it’s overkill

  • Trading float. Active trading capital needs to move quickly. Multisig adds delay every time.
  • Small holdings. Under £10,000, a Ledger Nano X with a properly-backed-up seed phrase is enough. The friction of multisig isn’t worth it.
  • Single-user setups with no inheritance concern. If you’re the only one who’ll ever access the funds and you have a solid seed backup, multisig adds complexity without much new protection.

My rule of thumb

Active trading float on the exchange. Mid-term holdings on a single Ledger. Long-term cold storage above a meaningful threshold (whatever “meaningful” means for you) on a 2-of-3 multisig with hardware wallets as signers.


The 2-of-3 default

The reason 2-of-3 is the default is the maths balances three failure modes.

Failure mode 1: lose a key

Lose one of three. The other two still work. Sign, move funds to a new multisig, regenerate the lost key.

Failure mode 2: compromise a key

Attacker gets one key. They can’t move funds (they need two). You notice the compromise, move funds to a new wallet, deregister the compromised key.

Failure mode 3: two keys lost simultaneously

Now you’re stuck. This is the failure case. If you lose two of three keys at once, the funds are unrecoverable.

The maths: with 2-of-3, you can survive any single failure. You can’t survive two simultaneous failures. That’s the trade.

How to make 2-of-3 actually safe

  • Geographic separation. Three keys in three locations. Home safe, bank deposit box, trusted relative’s house. A house fire takes out one, not three.
  • Three different hardware wallets. A Ledger, a Trezor, and a Coldcard, for example. A vulnerability in one manufacturer’s firmware doesn’t compromise all three.
  • Don’t write the keys’ purpose on the backup. A burglar who finds a Ledger marked “multisig signer 1” knows there’s more value to find.
  • Test the recovery quarterly. Sign a small test transaction every three months to confirm all three keys still work and you remember which is which.

The hot vs cold wallet post covers complementary wallet strategy.


Gnosis Safe / Safe (the most common multisig)

Safe (formerly Gnosis Safe) is the standard for multisig on Ethereum and EVM-compatible chains (Polygon, Arbitrum, Optimism, BSC, Base, and others). It’s an open-source smart contract wallet that’s secured massive DAO treasuries and is publicly audited.

What it does well

  • Open source. The contracts are public and have been audited by multiple firms. Trail of Bits, OpenZeppelin, and others have published reviews.
  • Cross-chain. The same Safe can exist on multiple EVM chains with the same address (or you can deploy separate ones per chain).
  • Hardware wallet integration. Each signer can use a Ledger, Trezor, or similar. The signer experience is the same as signing any other on-chain transaction.
  • dApp integration. Most major DeFi protocols support Safe as a wallet. You can use Aave, Uniswap, Compound, etc. directly from a Safe.
  • Recovery options. Module-based architecture supports social recovery, time-locked recovery, and dead-man switches.

Trade-offs

  • Gas cost. Every transaction is a smart contract call. Costs more gas than a standard wallet transaction — sometimes 2-5x more on Ethereum mainnet.
  • Setup complexity. Initial deployment requires understanding signers, threshold, and the on-chain creation transaction.
  • Chain-specific. Safe is EVM-only. For Bitcoin multisig, you need a different tool (Sparrow Wallet, Specter, Casa).
  • No mobile-first experience. The Safe web UI is the main interface. The mobile app exists but the desktop experience is primary.

Safe vs alternatives

For Ethereum and EVM chains, Safe is the default. For Bitcoin, the main options are Sparrow Wallet (desktop, technical), Specter Desktop (similar), and Casa (paid, custodial-adjacent, very user-friendly).

For Solana, Squads Protocol is the dominant multisig. For Cosmos chains, native multisig is built into the protocol. For other chains, check what the major institutions use.


Multisig with hardware wallets (Ledger as a signer)

The strongest multisig setup combines a multi-key threshold with hardware-wallet signers. Each key lives on a different hardware wallet. The smart contract enforces the threshold. The seed phrases never touch a connected device.

A typical 2-of-3 hardware setup

  • Signer 1: Ledger Nano X kept at home in a safe
  • Signer 2: Ledger Nano S Plus kept at a separate physical location (relative’s house, bank deposit box)
  • Signer 3: Trezor Safe 3 kept at a third location, or held by a trusted third party

Three devices, three different physical locations, two manufacturers. To move funds, you need access to two of the three. To compromise the wallet, an attacker needs to compromise two devices in two locations.

This is the structure most security-conscious whales run for cold storage.

Why two manufacturers?

If a firmware vulnerability is found in one hardware wallet brand, the multisig is still safe because only one of three signers is affected. A 2-of-3 with all three signers being the same hardware model has a correlated risk if that model is exploited.
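The separation advice under "How to make 2-of-3 actually safe" and the manufacturer point above can be checked mechanically. The following is an added example, not code from Safe or any wallet vendor: it takes a signer inventory and reports any single event (a firmware flaw in one manufacturer, a burglary or fire at one location) that reaches the threshold or leaves too few keys. The inventories are constructed, and the worst-case model in the docstring is an assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Signer:
    name: str
    vendor: str    # hardware wallet manufacturer
    location: str  # where the device is stored


def tolerance(n, threshold):
    """Keys that can be lost or stolen before an m-of-n wallet fails."""
    if not 1 <= threshold <= n:
        raise ValueError("threshold must be between 1 and n")
    return {"lost_ok": n - threshold, "stolen_ok": threshold - 1}


def audit(signers, threshold):
    """List single events that defeat the setup, as (impact, kind, value).

    Worst-case model (assumption): one firmware flaw exposes every key on
    that vendor's devices; a burglary exposes, and a fire destroys, every
    key stored at one location.
    """
    n = len(signers)
    tolerance(n, threshold)  # validates the threshold
    by_vendor, by_location = {}, {}
    for s in signers:
        by_vendor[s.vendor] = by_vendor.get(s.vendor, 0) + 1
        by_location[s.location] = by_location.get(s.location, 0) + 1

    findings = []
    for vendor, count in sorted(by_vendor.items()):
        if count >= threshold:           # attacker reaches the threshold
            findings.append(("theft", "vendor", vendor))
    for location, count in sorted(by_location.items()):
        if count >= threshold:
            findings.append(("theft", "location", location))
        if n - count < threshold:        # survivors cannot reach the threshold
            findings.append(("lockout", "location", location))
    return findings


# Constructed inventories; names, vendors and locations are illustrative.
DIVERSE = [Signer("s1", "Ledger", "home safe"),
           Signer("s2", "Trezor", "bank deposit box"),
           Signer("s3", "Coldcard", "relative's house")]
TWO_LEDGERS = [Signer("s1", "Ledger", "home safe"),
               Signer("s2", "Ledger", "bank deposit box"),
               Signer("s3", "Trezor", "third location")]
SAME_HOME = [Signer("s1", "Ledger", "home"),
             Signer("s2", "Trezor", "home"),
             Signer("s3", "Coldcard", "bank deposit box")]

if __name__ == "__main__":
    for label, inventory in [("diverse", DIVERSE),
                             ("two Ledgers", TWO_LEDGERS),
                             ("same home", SAME_HOME)]:
        result = audit(inventory, 2) or "no single-event failure"
        print(label, tolerance(len(inventory), 2), result)
```

Under this model a 2-of-3 with two signers from one manufacturer is flagged for that manufacturer, because a flaw there reaches the threshold; three different manufacturers in three locations produce no findings.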

Connecting hardware wallets to Safe

Safe supports Ledger and Trezor natively in the web interface. You connect each device via USB or Bluetooth, the Safe UI prompts the device to sign, and the on-device screen shows the transaction details for confirmation.

The Ledger Nano X review covers the device I use for multisig signers. Ledger vs Trezor is the head-to-head.


Real example: family inheritance multisig

Here’s a setup I’ve helped a couple of people implement.

The situation: a trader in their late 40s with a meaningful crypto position and a family. Wants their spouse to be able to access funds if they’re incapacitated, but doesn’t want either spouse to have unilateral access (in case of compromise or coercion). Also wants a backup in case both die.

The setup: 2-of-3 multisig with these signers:

  • Signer 1: Trader’s hardware wallet, at home
  • Signer 2: Spouse’s hardware wallet, at the same home (different safe)
  • Signer 3: A “dead-man” key held by a trusted estate lawyer, only usable after a 90-day time lock

Normal operation: trader signs, spouse signs, transaction goes through. Either of them on their own can’t move funds.

Compromise scenario: if one device is stolen, the attacker has one of three keys — can’t move funds.

Incapacitation scenario: if the trader dies, the spouse still has one signer and can use the lawyer’s signer (after the time lock) to access funds. The 90-day time lock prevents the lawyer from acting unilaterally if their key is compromised.

It’s not bulletproof. It is much better than a single seed in a single safe.


Real example: DAO treasury multisig

The other common multisig pattern is treasury management for a DAO, protocol, or business.

Typical setup: 5-of-9 or 4-of-7, with signers distributed across:

  • Core team members (3-4 signers)
  • External advisors or community representatives (2-3 signers)
  • Possibly an independent guardian or auditor (1-2 signers)

Why higher thresholds: governance considerations. A treasury that can be moved by 2 of 3 signers concentrates power in any pair. A 5-of-9 means no small clique can unilaterally drain funds. The trade-off is more friction on every transaction.

The Safe interface shows pending transactions to all signers. Each signer reviews and signs (or rejects) in their own time. Once the threshold is reached, anyone can execute the transaction on-chain.

Most major DeFi protocols, NFT projects, and crypto-native businesses use Safe for treasury management. The total value secured by Safe wallets is well over $100 billion based on public analytics from the Safe team.


Multisig vs Shamir Backup

Multisig is sometimes confused with Shamir Backup (SLIP-39). They solve a similar problem differently.

| Feature | Multisig (Safe) | Shamir Backup (Trezor) |
| --- | --- | --- |
| What’s split | The authority to spend | The seed phrase backup |
| Where the split lives | On-chain smart contract | Off-chain paper shares |
| Recovery threshold | m-of-n signers | m-of-n shares |
| Active wallet has | Multiple keys | One reconstructed key |
| Gas overhead | Higher (smart contract) | Same as normal wallet |
| Day-to-day flow | Coordinate signers per tx | Single seed in single device |
| Compromise of single piece | Funds safe | Funds safe |
| Loss of multiple pieces | Funds gone | Funds gone |
| Chain support | EVM, BTC, Solana (various tools) | Trezor-only |

When to use which

Multisig when you want ongoing distributed control — multiple parties sign every transaction. Used for shared treasuries, business accounts, governance setups, and inheritance plans with active third parties.

Shamir Backup when you want distributed backup but a single wallet user. The seed lives in pieces (e.g., 2-of-3 paper shares) but the wallet operates normally — one device, one signature per transaction. Used for individual cold storage with strong backup redundancy.

Most people who need either should consider Shamir first. It’s simpler and adds no operational overhead. Multisig is for cases where you really need multi-party authorisation.


Multisig fees + complexity tradeoffs

This is the bit most multisig guides skip. The real costs.

Gas costs

A Safe transaction on Ethereum mainnet costs roughly 2-5x what a standard wallet transaction costs. During gas price spikes this can mean £50-£200 per transaction. On Layer 2 (Arbitrum, Optimism, Base) and on sidechains (Polygon) the costs are far lower — often under £1.

If you’re running a multisig on mainnet, plan for those gas costs. If you’re holding for the long term and rarely moving funds, the costs are negligible per year. If you’re making frequent moves, layer 2 makes more sense.

Operational friction

Every transaction requires coordination. In a 2-of-3 setup, two signers have to be available and willing to review and sign within a reasonable time window. For solo use this might mean walking to a different room to get the second device. For multi-party setups it means messaging the other signers and waiting.

This is fine for cold storage. It’s painful for active management.

Smart contract risk

Safe contracts have been audited multiple times and have a very strong track record. But the underlying contract is code. Code can have bugs. The probability is low. The probability is not zero. For very large holdings, some users diversify across multiple multisig wallets to avoid single-contract concentration.

Recovery complexity

If something goes wrong with the multisig setup — a signer changes hardware, loses access, or fails — you need to deploy a new Safe and migrate funds. That’s a transaction itself. Plan for it; don’t be surprised by it.


Setting up your first Safe (step by step)

This is the actual walkthrough for setting up a 2-of-3 multisig on Safe.

Pre-requisites

  • Three hardware wallets (or three different software wallets if you’re testing — use small amounts)
  • A small amount of ETH (or the native token of the chain you’re deploying on) for the deployment gas
  • A laptop with each hardware wallet’s bridge software installed
  • An understanding of the threshold you want (start with 2-of-3 if you’re new)

Steps

  1. Go to app.safe.global. This is the official Safe interface. Bookmark it. Don’t trust ad results.
  2. Connect one of your wallets. This wallet will deploy the Safe and is your first signer.
  3. Choose the chain. Ethereum mainnet is the default but expensive. Arbitrum or Optimism are cheaper and just as secure for most use cases.
  4. Click “Create new Safe.” Name it something meaningful (this name is local — only visible to you).
  5. Add the signers. Paste in the addresses of the three hardware wallets (or whichever wallets you’ve chosen). Make sure each address is correct — paste-verify by reading the full address character-by-character.
  6. Set the threshold. Choose 2 (for 2-of-3).
  7. Review the deployment. The Safe interface shows the gas estimate. On mainnet this might be £20-£50. On L2 it’s pence.
  8. Sign the deployment transaction. Your first wallet signs and broadcasts.
  9. Wait for confirmation. Usually one or two blocks on L2, a minute or two on mainnet.
  10. The Safe is live. You’ll get a unique Safe address. This is the address you fund and use as your wallet.

Testing

Before moving any meaningful amount to the new Safe:

  1. Send a small amount of ETH (say £20) to the Safe address.
  2. Try sending that ETH back to your personal wallet. This will require two of your three signers.
  3. Confirm the transaction works. The flow: propose from one signer, the second signer reviews and approves, anyone executes.
  4. Once you’ve confirmed the round-trip works, you can start moving real funds.

That’s the entire setup. Allow 30-60 minutes for the first time.


Hardware wallets are the right multisig signers.

Each signer in your multisig should be a separate hardware device. The Ledger Nano X is what I use for one of mine.



Multisig vs an exchange’s Earn vault

Worth a brief comparison. For traders who want to hold funds securely but accessibly, a multisig is one option. A regulated exchange’s Earn product is another.

Multisig pros vs Earn: self-custody, no counterparty risk, no withdrawal limits, no exchange-failure risk.

Earn pros vs multisig: yield, no gas costs, simpler operationally, instant access.

I split mine. Long-term holdings on a hardware-backed multisig (or a single Ledger for amounts below the multisig threshold). Mid-term flexible savings on BitGet Earn. Active trading float in the spot account.

If you want to compare exchanges directly, the BitGet review is my honest take on the platform I use.


FAQ

What does m-of-n mean in multisig?

The configuration of a multisig wallet. “n” is the total number of keys, “m” is the number required to authorise a transaction. A 2-of-3 multisig has three keys, any two of which can sign.

Is multisig safer than a hardware wallet?

For very high values or multi-party setups, yes. For a single user with a properly-backed-up hardware wallet, the security upgrade is real but the complexity overhead means it’s not always worth it under a certain threshold.

What is Gnosis Safe?

Gnosis Safe (rebranded as “Safe”) is an open-source multisig smart contract wallet on Ethereum and EVM chains. It’s the dominant multisig platform, securing over $100 billion in DAO treasuries and institutional holdings.

Can I use a Ledger as a multisig signer?

Yes. Safe natively supports Ledger as a signer. Each signer in a multisig can be a separate Ledger or Trezor — this is the recommended setup for cold storage multisig.

How much does it cost to deploy a Safe?

Gas cost only. On Ethereum mainnet this is typically £20-£100 depending on gas prices. On L2 chains (Arbitrum, Optimism, Base) and sidechains (Polygon) it’s under £1.

What happens if I lose one of my multisig keys?

In a 2-of-3, losing one key is fine — the other two can still move funds. You’d then deploy a new Safe with three new keys and migrate the funds, deregistering the lost key.

Does multisig work for Bitcoin?

Yes, via tools like Sparrow Wallet, Specter Desktop, or Casa. Bitcoin multisig uses a different mechanism than Ethereum (Script-based vs smart contract) but the concept is the same.

Is multisig overkill for £10,000?

Usually yes. A hardware wallet with a properly-backed-up seed phrase (ideally on metal) is enough at that level. Multisig starts to make sense above £25,000-£50,000 or for multi-party setups.


Final word

Multisig is the security model for crypto holdings where a single seed phrase is the wrong amount of trust. It’s used by DAOs, institutions, and security-conscious individuals to remove the single point of failure inherent in standard wallets.

For most retail users, the upgrade path is: exchange account, then single hardware wallet, then multisig once holdings cross a meaningful threshold or family/inheritance considerations apply. Skipping straight to multisig before you understand standard self-custody is asking for the worst kind of complexity-induced loss.

If you’re at the point where multisig makes sense, the 2-of-3 hardware-wallet setup on Safe is the well-trodden path. It’s what institutions run. It’s what serious individual holders run. It’s what I’d run if my holdings crossed the threshold to justify it.

Right — over to you.


Alan Spicer

Crypto trader since 2020 · Coin Bureau · Crypto Banter · Trade Travel Chill

Alan has been in crypto for nearly six years. He writes what he wishes someone had told him on day one — the wins, the rugs, and the stuff the YouTubers won’t say on camera.
