multisig wallet

A multisig (multisignature) wallet is a cryptocurrency wallet solution that employs an M-of-N mechanism requiring authorization from at least M out of N designated key holders to execute transactions, unlike traditional wallets controlled by a single private key. This distributed permission model significantly enhances security by reducing single points of failure, making it particularly valuable for institutional treasury management, DAO governance, and safeguarding high-value digital assets.

A multisig wallet is a cryptocurrency wallet that requires multiple private keys to authorize transactions, as opposed to traditional wallets that need only one key. This security mechanism significantly enhances asset security by requiring authorization from multiple participants, reducing the risks of single points of failure and private key loss. Multisig technology is widely used in institutional asset management, DAO governance, and protection of large funds, providing users with a more secure and decentralized solution for asset custody.

Background: Origin of Multisig Wallets

Multisig wallet technology originated in the early stages of the Bitcoin network. In 2012, Bitcoin core developer Gavin Andresen introduced the concept of multisignature transactions, implementing it in the Bitcoin protocol through P2SH (Pay to Script Hash) scripts. This technology was initially developed to address the security challenges faced by institutions and individuals managing large amounts of crypto assets.

As blockchain technology evolved, multisig wallets expanded from Bitcoin scripts to numerous other blockchain networks. After Ethereum introduced smart contracts, multisig functionality was further enhanced and popularized, giving rise to popular multisig solutions like Gnosis Safe.

Historically, the development of multisig wallets reflects the blockchain industry's continuous exploration of security mechanisms, marking an important transition from single-key control models to distributed permission management, providing a solid foundation for secure management of crypto assets.

Work Mechanism: How Multisig Wallets Operate

Multisig wallets employ an "M-of-N" permission structure, meaning that out of N authorizers, at least M must approve for a transaction to be executed. The specific working mechanism includes:

Wallet creation phase: Define the number of participants N and minimum signatures M, generate the wallet address and private keys for each participant
Transaction initiation: One participant creates a transaction request, specifying the target address and amount
Transaction signing: The request is distributed to other authorizers, and the transaction can be broadcast to the blockchain network only when the set threshold of M signatures is reached
Transaction execution: Transactions meeting signature requirements are submitted to the blockchain and finally executed

The implementation of multisig varies technically across different platforms:

Bitcoin multisig is implemented through scripts (P2SH or P2WSH)
Ethereum multisig is primarily implemented through smart contracts, such as Gnosis Safe, MultiBaas, etc.
Third-generation blockchain platforms like Polkadot and Cosmos typically have built-in multisig functionality at the protocol layer

Notably, the signature process for multisig wallets can be either on-chain or off-chain. On-chain signatures provide complete transparency, while off-chain signatures offer better privacy protection and lower transaction fees.

Risks and Challenges of Multisig Wallets

While multisig wallets provide additional security guarantees, they also bring a series of unique risks and challenges:

Operational complexity: Compared to single-signature wallets, multisig wallets have a more complex usage process, requiring coordination among multiple participants, which may lead to transaction delays
Private key management: Although the risk of single point of failure is reduced, assets are still at risk if multiple private key holders simultaneously lose their keys or collude
Smart contract vulnerabilities: Multisig implementations based on smart contracts may contain code defects, such as the 2017 Parity multisig wallet incident that resulted in $150 million worth of Ethereum being permanently locked
Compatibility issues: Different chains and wallet services support multisig to varying degrees, potentially affecting user experience and interoperability
Recovery mechanism limitations: If most signers cannot be contacted or keys are lost, funds may become permanently inaccessible

Furthermore, regulatory uncertainty is an important consideration. Some jurisdictions may have specific regulatory positions on assets controlled by multiple parties, and businesses and institutions need to carefully assess compliance requirements when adopting multisig technology.

As technology advances, new mechanisms such as social recovery and secret sharing are being integrated into multisig wallets to address some of the above risks and improve overall security and user experience.

Multisig wallets represent a significant advancement in secure management of crypto assets, distributing asset control from a single central point to multiple participants. This technology not only enhances asset security but also promotes organizational transparency and collaborative decision-making. As blockchain and Web3 ecosystems mature, multisig wallets have become standard configurations for institutional asset management and infrastructure for DAO governance. In the future, we can anticipate that multisig technology will further integrate authentication, social recovery, and smart contract automation features, providing users with more flexible, secure, and user-friendly asset management solutions.

A simple like goes a long way

Related Glossaries

Commingling

Commingling refers to the practice where cryptocurrency exchanges or custodial services combine and manage different customers' digital assets in the same account or wallet, maintaining internal records of individual ownership while storing the assets in centralized wallets controlled by the institution rather than by the customers themselves on the blockchain.

Define Nonce

A nonce is a one-time-use number that ensures the uniqueness of operations and prevents replay attacks with old messages. In blockchain, an account’s nonce determines the order of transactions. In Bitcoin mining, the nonce is used to find a hash that meets the required difficulty. For login signatures, the nonce acts as a challenge value to enhance security. Nonces are fundamental across transactions, mining, and authentication processes.

Bitcoin Address

A Bitcoin address is a string of characters used for receiving and sending Bitcoin, similar to a bank account number. It is generated by hashing and encoding a public key (which is derived from a private key), and includes a checksum to reduce input errors. Common address formats begin with "1", "3", "bc1q", or "bc1p". Wallets and exchanges such as Gate will generate usable Bitcoin addresses for you, which can be used for deposits, withdrawals, and payments.

AUM

Assets Under Management (AUM) refers to the total market value of client assets currently managed by an institution or financial product. This metric is used to assess the scale of management, the fee base, and liquidity pressures. AUM is commonly referenced in contexts such as public funds, private funds, ETFs, and crypto asset management or wealth management products. The value of AUM fluctuates with market prices and capital inflows or outflows, making it a key indicator for evaluating both the size and stability of asset management operations.

Rug Pull

Fraudulent token projects, commonly referred to as rug pulls, are scams in which the project team suddenly withdraws funds or manipulates smart contracts after attracting investor capital. This often results in investors being unable to sell their tokens or facing a rapid price collapse. Typical tactics include removing liquidity, secretly retaining minting privileges, or setting excessively high transaction taxes. Rug pulls are most prevalent among newly launched tokens and community-driven projects. The ability to identify and avoid such schemes is essential for participants in the crypto space.