What Is a Multisig Wallet?

By Lipsa Das

Web3 often involves collaborating with large groups of anonymous users across the internet. For instance, blockchain networks require the participation of computers across the world to function properly. Similarly, decentralized autonomous organizations (DAOs) use governance tokens to allow a large number of community members to vote on major protocol decisions.

So who manages the keys for a shared crypto wallet if the organization has no clear leader? For example, what if a CFO goes rogue, or your accountant decides to take an extended leave? In these situations, having a single entity or person coordinate assets raises trust issues and defeats the purpose of decentralization. 

That’s where multisig wallets come in. Multisig wallets provide a secure, transparent, and decentralized approach to managing shared funds. 

But what exactly is a multisignature wallet, and how does it work?

Let’s dive in.

What is a Multisig Wallet?

Also called a shared wallet, a multisig (multiple signatures) wallet is a type of cryptocurrency wallet that requires multiple signatures to validate and execute transactions. Unlike traditional crypto wallets that rely on a single private key, multisig wallets are set up with a predefined number of keys, which are held by different individuals or entities in varying geographic locations. 

Crypto wallets typically employ public-private key pairs to perform transactions and manage their digital assets. For the single-signature wallets, you only need one private key to authorize transactions. You lose that single key, or it becomes compromised, and you lose your cryptocurrencies. This means that you’re solely responsible for safeguarding the assets in your wallet.

The multisig technology, on the other hand, operates on shared responsibility and consensus, enabling two or more users to jointly sign transactions. In other words, multisig wallets generate multiple private keys that can be distributed among several participants via a smart contract. 

It allows you to predefine a threshold (such as 2-of-3 or 3-of-5) for the required number of signatures, ensuring the funds cannot be moved unless the threshold is met. This means that even if one key is lost or compromised, you can recover the funds. In DAOs, businesses, and institutions, this feature safeguards against abuse of power, minimizing the risk of unauthorized or fraudulent use of funds.

What is a Multisig Wallet For?

Multisignature wallets add an extra layer of security and foster shared accountability. It provides a practical way of distributing control, achieving consensus, and minimizing single points of failure when managing a shared pool of funds.

As such, shared wallets can be used in:

• DAOs – DAOs rely on shared resources and funds to drive their initiatives. Using shared multisig wallets allows DAO members to uphold transparency and fair use within their system of proposals, voting, and management and allocation of funds. By requiring consensus from multiple members to allocate funds, they prevent fraudulent activities and misuse.
• Managing business treasury – Enterprises and dApps utilize multisig for treasury management. This approach distributes financial control among key decision-makers while mitigating risks of fund misappropriation. For a business, for example, it ensures that large transactions require approval from multiple executives with access to the company’s funds. 
• Escrow services – In transactions where a third party holds funds until specific conditions are met, a multisig wallet ensures that all involved parties participate in authorizing the release of funds. This significantly increases transparency and security in escrow transactions on blockchain.
• Securing personal substantial holdings – Multisig wallets offer enhanced security for individuals with significant crypto holdings. It introduces an extra layer of protection, allowing them to spread out the keys among trusted family members or in different geographical locations.

How Does a MultiSig Wallet Work?

When a user initiates a blockchain transaction, a signature is required to validate that the user has enough coins and the valid private key to create the transaction. In a single-signature wallet, only the initiator signs the transaction. However, transactions in multisig setups require approvals from multiple users or devices.

A multisig wallet can be configured in two main ways:

• M-of-N setup – A specific subset of signers is required to approve a transaction. Typical setups include 2-of-3, 3-of-5, 5-of-7, and so on. For instance, in a 3-of-5 wallet, at least three signers out of the total must validate the transaction before it can be executed.
• N-of-N setup – All participants or co-signatories must validate a transaction for it to be executed and processed. For instance, a 3-of-3 setup dictates that all parties sign with their unique private keys for the transaction to be considered valid.

Participants, known as copayers, set up their own wallets and generate their cryptographic key pairs. Ideally, any one of the copayers can initiate a transaction, but the transaction remains pending until the other parties sign.

When a multisig wallet transaction is initiated, each copayer must sign it independently using their private key. The wallet verifies the validity of the signatures. Then, once it has enough signatures to reach the approval threshold, it’s authorized. Subsequently, the transaction is broadcast to the blockchain network.

Take a Web3 DAO that has five key members, Alice, Bob, Charlie, David, and Emily, for example.  \These 5 members operate a multisig wallet for managing the DAO’s treasury. Assuming the wallet uses a 3-of-5 multisig setup, it will require at least 3 members’ approval to execute transactions.

When the DAO receives funds, Alice, the treasury manager, proposes (initiates) a transaction to allocate funds for a community project, signing it with her private key. She creates a transaction proposal on the DAO’s governance forum, outlining the project details.

The other four members review the proposal and vote through the DAO’s governance platform. To validate and execute this transaction, at least two more members must vote in favor.

Bob, Charlie, and David support the proposal and sign with their unique private keys. Once the multisig wallet verifies the signature threshold is met, the blockchain executes the transaction, allocating the funds as per the proposal.

Single Signature vs Multi-signature wallets

Multisig wallets differ from single-signature wallets in transaction complexity, transparency, and security. Let’s look at the key advantages and disadvantages of using a multisig wallet for your community.

Benefits of Multisig wallets

Security 

One of the core promises of a multisig wallet is unparalleled security. Even if one key is compromised, an attacker still needs access to other keys to gain control of the wallet. Therefore, by equally distributing the power between signing authorities, multisig wallets eliminate “key person” risks common with single-signature wallets. This also ensures malicious members within the team cannot run off with the assets.

Think of this as the typical 2-factor authentication you use to sign in to services. You can only access the account with confirmatory codes from multiple devices. Similarly, in multisig wallets, every signature is equally important, removing the single point of failure.

Transparency

Multisig wallets enable trustless transactions due to their decentralized nature. Community members can track the wallet on block explorers (such as Etherscan) and see precisely when trusted parties move assets. No one can move assets without the permission of all the signing members — so the community can track any suspicious activity in real time.

Disadvantages of Multisig Wallets

Technical knowledge

Setting up multisig wallets often involves some technical knowledge due to the number of keys and recovery phrases needed. An alternative is to use a third-party provider to set up a multisig address, but that can also introduce additional costs.

Transaction speed

Since multisig wallets require confirmation from many parties, transaction speed is often slow. Therefore, multisig wallets are not ideal for communities that need quick or frequent transactions. In such cases, some of the funds could be moved to a hot wallet, and the bulk of the funds can be kept in the multisig wallets.

Fund recovery

Fund recovery can be challenging in multisig wallets. Since the wallet is tied to many private keys, users must import multiple recovery phrases from different devices. Recovery can be complex if one key holder loses access or becomes unresponsive.

How To Create a Multisig Wallet

While using a multisig wallet with a hardware wallet, also known as signer, has historically been challenging, Ledger signers™ have now successfully integrated multisig capabilities.

Creating a Bitcoin multisig wallet

For Bitcoin, you can create a multisig wallet using Ledger and Unchained.  Here’s how you can do just that step-by-step:

1. Create an Individual account on Unchained and go to the “Keys” tab. 
2. To create your first key, choose “Ledger” from the options and export your extended public key (xpub) from your Ledger signer via the prompt.
3. Once done, you’ll see the extended public key on the screen. Click on “Next” to confirm and create your first key. Repeat this process for the number of key holders in your multisig wallet.
4. Now, go to the “Vault” tab, choose the keys you’ve added, and create your multisig wallet.

To read the complete guide on how Unchained works with Ledger, check out this article.

Creating an Ethereum-compatible Multisig wallet 

For Ethereum and other EVM chains, you can create a multi-sig wallet using Safe, previously known as Gnosis Safe. With Safe Wallets, you can set up multiple signatories, with one of them controlled by your Ledger signer.

 To do so is easy: You can easily connect your Ledger wallet just like you would connect to any other blockchain app or service. Plus, if you want to do more with Safe, you can also connect your Ledger signer via Ledger Extension or even with the Safe mobile app and a Ledger Nano. Whichever way you decide to connect, you can rest easy that no one can find the private key to a piece of your multi-sig wallet, keeping those treasury funds in an offline environment. To learn more about how to get started, check out the Safe Help Center.

Ledger’s Multisig Wallet

While the existing multisig wallets clearly outshine traditional, single-signature wallets, most of them are hindered by a fundamental flaw—blind signing. They fail to translate transaction details in plain language, resulting in users approving transactions without fully understanding or even seeing the details. 

Even with off-device transactions, the transactions are simulated in a different environment from where they are signed. However, such simulations are still susceptible to spoofing and other online attack vectors. The Ledger Multisig wallet resolves this critical flaw.

The Ledger Multisig wallet is a shared wallet that combines Ledger’s hardware-backed security with a user-friendly software experience. Instead of off-device simulations, the final verification happens on trusted, isolated hardware with a secure display.

Simply, Ledger significantly enhances the security and user-friendliness of multisig wallets by mitigating the risks associated with blind signing. This is achieved through clear signing, automated transaction checks, and optimized management processes.

Clear signing

Ledger’s Clear Signing standard provides transaction details in an easily understandable format, ensuring you’re aware of the transactions and dApps requiring your approval. As such, the Secure Element within your Ledger Multisig becomes the ultimate source of truth.

What does this mean?

1. When sending funds, your Ledger signer displays the full recipient’s address, the exact amount, and the token symbol, rather than just a contract address and a data blob. What’s more, you can verify everything on a physical screen isolated from your potentially compromised smartphone or computer.
2. Any governance activity, such as adding/removing a signer, adjusting signature threshold, or modifying policies, on your Safe Account is clearly defined and made transparent, ensuring you have complete certainty about the changes you’re approving.
3. The intent of complex smart contracts and DeFi interactions is translated and displayed on your device. This ensures that you can confidently manage and interact with smart contracts and dApps directly from your Ledger Multisig.

Transaction Check

Ledger Multisig promotes proactive defense as opposed to reactive transaction signing. It achieves this through Ledger’s existing Transaction Check, a sophisticated security shield. It operates in conjunction with Clear Signing to perform advanced simulations to detect potential threats, such as malicious addresses or contracts, before you sign.

The simulations provide a risk assessment report from trusted providers, which is directly sent to your Ledger signer. The Secure Element in your device then cryptographically verifies the report’s authenticity, displaying a clear warning. 

This feature effectively mitigates against man-in-the-middle attacks, where a malicious transaction could potentially swap in after a simulation.

Seamless management experience

Ledger Multisig doesn’t sacrifice efficiency while delivering robust security. In fact, it allows organizations to manage their assets with enhanced intuition and seamlessness.

For instance, its Zero-Migration Onboarding (built atop Safe’s infrastructure) allows users to resume their operations on Ledger Multisig without having to migrate anything. Simply connect your Ledger signer, and it automatically finds and displays all your associated Safe accounts across multiple networks.

What’s more, Ledger Multisig’s interface provides a central command center for all multisig operations. This enables viewing balances across all Safe accounts, pending transactions, and other related activities.

Best Practices for Multisig Wallets

Some of the best practices to maximize the security of a shared wallet and prevent potentially costly blunders include:

• Using a high signature threshold – Configure the shared wallet to require multiple signatures from different locations. Having more required signatures reduces the risks of a single bad actor. It also makes it difficult for an attacker to compromise enough keys.
• Distributing keys to different geographical locations – Storing the keys in a single location defeats the purpose of having a multisig wallet. Thus, store the keys in different locations or with separate custodians to prevent a single point of failure.
• Monitoring transactions in real-time – Implement logging systems to track key usage and set up alerts for any suspicious activities.
• Using hardware wallets for transaction signing – Using offline signing devices mitigates against hacking attempts and potential online attack vectors.
• Performing regular security audits – Regularly review and update your multisig settings for optimal security. You can also hire external experts to perform audits and fix any detected or potential vulnerabilities.
• Practicing regular key rotation – Ensure you regularly rotate key holders and regenerate keys, potentially reducing the risks of unauthorized access.
• Involving independent co-signers – To prevent potential insider collusion, consider using trusted third parties or external security firms as one of the required signers.

Common Challenges with Multisig Wallets

While multisig wallets come with a myriad of opportunities and strengths, it is not without their own pitfalls. Some of these include:

• Complexity and user experience – Setting up a multisig wallet doesn’t often come with the simplicity of single-signature wallets, demanding a certain degree of technical proficiency that a lot of users don’t have. In addition, managing multiple private keys and signatures can be intricate.
• Coordinating signing parties – For a transaction to be executed, all or a subset of the signing parties must approve. This slows down transaction processing times and can sometimes delay or prevent time-sensitive transactions if one or more key holders are uncooperative or unavailable. 
• Costly – Compared to single-signature transactions, multisig transactions include more data with each additional signature and public key. Due to the increased complexity and transaction size, some blockchains might charge higher transaction fees.
• Blind signing risk – Bad actors might trick co-signers into unknowingly approving malicious transactions. For instance, hackers can display simulated, legitimate transaction data on a hardware wallet’s interface to get a valid signature for a malicious transaction.
• Insider collusion – Shared wallets are not immune to attacks involving internal collusion. If the minimum number of required signers in an M-of-N configuration setup conspires, they can approve malicious transactions and steal the funds.

Manage Your Shared Funds With A Multisig Wallet

Whether you’re starting a DAO, NFT project, or a holiday fund with your partner, multisig wallets are a great way to share and manage your funds. As you know, trusting single entities with shared funds can often end in misery. Using Multisig wallets, it’s easier to reduce the direct risk of collaborating with strangers. Plus, you can rest assured that you’re not submitting to centralized methods. 

Multisig wallets are key components of effective community security.  But what’s the use of multiple signatories if each private key is not secure? Of course, where you store the private keys of the multi-sig wallet matters. This unique problem highlights why multisig wallets and Ledger signers make the perfect pair. Using a multisig wallet with a Ledger signer only increases its security and decentralization–something at the heart of web3’s ethos. So before you start a new web3 community, consider these tools, as your multisig is only as strong as its private key’s protectors.

Introducing Ledger Multisig

Ledger Multisig is a purpose-built premium security and governance layer designed to help you move billions with certainty. It combines the best of both worlds: the flexibility of a software platform with the security of Ledger’s industry-leading ecosystem. It delivers unmatched clarity, control and connectivity for leaders who can’t afford mistakes.

Transaction Check and Clear Signing smart contracts ensure optimal transparency for informed decision-making. Multi-party policies and role-based governance give users genuine ownership and comprehensive oversight. Users can access thousands of coins and tokens, across several blockchains, from a single, intuitive dashboard. This unique approach helps safeguard your digital assets from sophisticated attacks and provides a truly secure path for managing your digital treasury.

Want to use Ledger for your Multisig operations? Learn more at multisig.ledger.com

The Shift: From Hardware Wallet to signer 

Crypto may have begun as a bold experiment, but adoption has grown as the technology and user experience have rapidly evolved; the language used to describe it, has however, stayed stuck in its infancy.

We called our devices “hardware wallets,” mislabelling the role of secure hardware, and obfuscating the role of software (Ledger Live). Along the way, users were left behind.

People believed:

• That value was stored on the device (it isn’t).
• That if you lose the device, you lose your assets (you don’t).
• That the device itself was the endgame (it’s not).
• That those 24 words were a burden only tech-savvy users could manage (not true anymore).

These are more than misconceptions. They are adoption blockers. So at Ledger, we believe that clarity is essential for the next stage of adoption

We’re changing how we speak about our products. And by doing so, we’re changing how people understand digital ownership itself.

Hardware wallets  → signers

Ledger devices don’t store value. They sign transactions. They prove intent. They verify identity. They’re not vaults, they’re the secure bridge between who you are and what you do online. They don’t just hold keys. They empower you to trust yourself.

We call them signers now, because that’s what they truly are.

In a world where AI grows more powerful every day, proof of humanity matters more than ever. A signer is more than a security device, it’s your cryptographic proof of you. It gives you a secure foundation to own, authorize, and protect your digital life without relying on anyone else. From sending a transaction to signing a contract or verifying your credentials, your signer  ensures you, and only, can provide digital consent – proof of you.Together, signer and Ledger Wallet redefine what digital ownership looks like, clear, secure, and free from compromise.