Skip to main content

This site is for educational purposes only. Nothing here constitutes financial advice.

Lesson 6 of 8
~22 minSelf-Custody Masterclass

Lesson 6 — Multisig for individuals

Multisig is two-or-more keys required to move funds. Today: the canonical 2-of-3 layout for individuals, why the wallet descriptor is as critical as the seeds, and when multisig is overkill.

Intermediate
Evergreen
22 min readUpdated 2026-05-17Block Clarity Hub Editorial Team

Multisig has the reputation of being either institutional infrastructure or a niche hobbyist endeavour. Neither is accurate. For individual holders crossing into balances where a single point of failure is too much to accept — typically once holdings reach the high four or five figures — multisig is the operational layer that finally retires the question 'what happens if I lose one seed?' This lesson covers the practical version: how to actually run one, not just describe one.

The canonical individual layout is 2-of-3 multisig: three keys exist, any two can sign a transaction. The keys are held on three different devices, typically two hardware wallets in different physical locations and one held by a third party — a backup at a relative's house, a deposit box, or a multisig coordination service. The threat model: lose one key, you can still spend (you have two of three). Lose two keys, you cannot spend but no one else can either. An attacker who finds one key has not compromised anything.

The keys in a multisig wallet are still HD wallets — each device generates its own seed, derives its own keys, signs transactions independently. What ties them together is the **wallet descriptor**: a text representation of the multisig policy that specifies which extended public keys (xpubs) form the quorum, the signing threshold, the script type (P2WSH, P2TR), and the derivation paths. Without the descriptor, the keys are useless. The descriptor is not secret — it contains no private information — but it is irreplaceable. Lose all copies of the descriptor and you must reconstruct it before you can spend; the seeds alone won't let you.

Coordinator software is the user-facing tool that handles the signing dance. Open-source options that have a sustained track record include Sparrow Wallet (Bitcoin only, desktop, opinionated about descriptors), Nunchuk (Bitcoin only, mobile + desktop, key-holder accounts), and Specter Desktop (Bitcoin, primarily desktop, often used with self-hosted nodes). For Ethereum / EVM chains, Safe (formerly Gnosis Safe) implements multisig as a smart contract rather than as a script-level construct — the trade-offs differ enough that the workflows aren't directly analogous. This course focuses on the script-level model because the principles transfer; the Safe-specific operational details are out of scope here.

The signing flow on a Bitcoin multisig wallet uses Partially Signed Bitcoin Transactions (PSBTs, BIP-174). The coordinator constructs an unsigned transaction, passes it as a PSBT to the first signer (who reviews and adds their signature on their device), passes the partially-signed PSBT to the second signer, and once the threshold is met, broadcasts. Each signer reviews the transaction on their own device — addresses, amounts, fees — and signs only what they have verified. The point-of-control is the hardware device, not the coordinator software running on a potentially-compromised laptop.

When multisig is the wrong tool: amounts you spend frequently (the round-trip across devices is friction every time), single users with low operational tolerance (the coordinator + descriptor + multiple devices stack is more complexity than they will sustain), and small balances where the operational cost vastly exceeds the marginal security benefit. Multisig is for funds you intend to leave mostly alone, where the cost of a catastrophic single-key compromise is unacceptable.

Recovery practice should be rehearsed. Once a year, take one of your hardware wallets out of the multisig setup (treating it as 'lost'), then prove to yourself that the remaining two can still produce a valid signature. This is the only reliable way to learn that your descriptor is correctly recorded, your other devices still work, and your coordinator software is still compatible. Multisig that has never been tested under a recovery scenario is multisig you don't actually know works.

Example

A typical individual 2-of-3 setup looks like this: Hardware Wallet A lives in a home safe with its own seed backup in a metal plate. Hardware Wallet B lives at a relative's house several hours away, with a separate seed backup in the same physical location. The third key is a small piece of hardware — a steel-stamped seed and a low-cost signing device — kept in a bank deposit box, alongside a printed copy of the wallet descriptor. The descriptor is also kept at home (it's not secret), and a third copy is sealed with the inheritance documents covered in Lesson 7. To spend, the user signs at home with Wallet A, drives to the deposit box (or, more often, drives to the relative's house — the deposit box is the third-of-three for redundancy), and completes the signature. Two devices, in two different physical locations, signing a transaction that neither alone could authorise. No single compromise — physical, digital, or coercive — yields the funds.

Common mistakes

  • Treating the descriptor as 'something the coordinator software remembers.' It is not. Coordinator software can be reinstalled; the descriptor must be backed up separately.
  • Putting all three keys in one geographic location. A house fire that destroys two of three keys destroys the wallet's spendability.
  • Never testing recovery. The first time you find out your descriptor backup is wrong should not be in an emergency.
  • Using multisig for everyday spending. Friction compounds — most users abandon multisig within months if they have to use it daily.
  • Confusing Bitcoin script-level multisig with Ethereum Safe contracts. The principles overlap but the operational details (especially around upgradeability, transaction simulation, and recovery) differ significantly.

Check your understanding

You have a 2-of-3 multisig wallet with three hardware-wallet seeds backed up. You've stored all three seeds carefully but have lost the wallet descriptor file. What is your situation?

Key terms covered

Sources & further reading

We prioritise primary sources. Where a topic moves quickly (regulation, security incidents), we re-check sources on the cadence shown by the page's "Next review" date.

Go deeper