What is a multisig or shared wallet?
A multisig wallet (also known as multisignature wallet or shared wallet) is a cryptocurrency wallet that requires two or more signatures to confirm and send a transaction. It can be used by multiple keyholders or one user across multiple devices.
What are the use cases of multisig wallets?
Overall, multisig wallets offer an additional layer of security since transactions need to be signed by more than one copayer. This feature can be useful in a number of situations where one private key isn’t sufficient.
Multisig wallet use cases:
- Shared access to funds in a business/workflow scenario where multiple authorizations are needed to make a payment
- Multi-user wallet (similar to a joint bank account)
- Single user, multi-device security - similar to multi-factor authentication, improve security against thieves and hackers
- Contingency for lost/damaged devices where keys are stored - if one recovery phrase is lost or destroyed, you may recover funds with another phrase
- Additional protection against lost access to recovery phrases
- Long term cold storage
IMPORTANT! BACKUP YOUR RECOVERY PHRASES! Make sure to carefully plan your multisignature system and backup/securely store your recovery phrases. Like all self-custody wallets, seed phrases can't be recovered. BitPay does not have access to your seed phrases or private keys and can’t assist in restoring your funds if your recovery phrases are lost, stolen or destroyed.
Single-signature vs Multi-signature wallets
When you want to send funds from your wallet, a transaction is created and signed. By signing the transaction, you are digitally saying: “I am the owner of the funds, I have the key to manage them, and I approve this transaction.”
Single signature (also known as “basic”) cryptocurrency wallets need one signature to sign a transaction. Multisig is the shortened name for multisignature, and, as the name indicates, this kind of wallet requires one or more signatures to sign a transaction.
A multisig wallet is a digital wallet shared by two or more users called copayers. Depending on the kind of wallet, the number of signatures required to sign a transaction will be lower or equal to the number of copayers of the wallet.
For example, a 3-3 wallet is a multisig wallet that is shared by three people and requires three signatures to sign a transaction. A 2-3 wallet is a multisig wallet that is shared by three people and requires two signatures to sign a transaction. You may also see “2 of 3” to indicate the number of copayers needed.
What are the features of multisig wallets?
- All the copayers can see the funds and transactions of the wallet.
- Requires one or more copayers to sign a transaction to send funds from the wallet. This feature adds security to your funds.
- A unique recovery phrase for each of the copayers who share the wallet. However, if one of the copayers’ recovery phrases is lost, there may no longer be enough copayers to sign transactions. Without enough copayers to sign transactions, you will not be able to spend the wallet’s funds.
- Ability to store multiple cryptocurrencies under one multisig key.
How does a multisig wallet work?
To move funds, every wallet requires the user broadcasting the payment to sign the transaction. Multisig wallets also require one or more copayers to sign the transaction.
For example, with a 2-2 wallet Copayer A wants to send funds. When they try to move funds, the wallet creates a transaction proposal that is only signed by Copayer A. Sending the funds requires both Copayer A and Copayer B to sign the transaction. Until Copayer B approves the transaction, the funds stay in the wallet. When Copayer B approves the proposal, their wallet signs the transaction. Signing the transaction broadcasts it to the network and sends the funds.
The transaction proposal does not expire- there is no time limit to approve a transaction proposal. There is no copayer hierarchy. This means that any copayer can create a transaction proposal, and all the copayers can sign the transaction proposal.
A 2-3 wallet requires two copayers to sign a transaction (out of three copayers total). Copayer A creates the transaction proposal. Either of the remaining copayers (Copayer B or Copayer C) can approve the transaction proposal. A 2-3 wallet has three copayers but requires only two signatures.
The same remains true if a multisig wallet is used in a one-user, multi-device fashion. Whenever a transaction is initiated, it must be signed by copayers across multiple devices in order to be processed (ex: smart phone, desktop computer, hardware wallet).
How do I create a multisig wallet in the BitPay App?
To create a multisig wallet, open the BitPay App and follow these steps:
- Click on “Create, import or join a shared wallet” on the app home screen
- Select “Multisig Wallet”, then “Create a Shared Wallet”
- Select the currency, either Bitcoin, Bitcoin Cash, Dogecoin or Litecoin. (Note: Ethereum does not support multisig.)
- Enter the wallet name.
- Enter your name (this will be your copayer name).
- Select the number of copayers.
- Select the number of required signatures.
- Under the “Show Advanced Options” tab you can also choose to enable segwit (segregated witness), make the wallet a testnet wallet and/or choose to use one address rather than generating a new one with each transaction.
- Click CREATE.
- You’ll then have the option to record your recovery phrase. We strongly recommend backing this recovery phrase up! BitPay can’t restore your phrase or funds if this phrase is lost, stolen or destroyed. Remember, each copayer of the shared wallet will have their own recovery phrase.
- Share the address/QR code with the other devices joining the wallet.
How to join a multisig wallet
- on “Create, import or join a shared wallet” on the BitPay app home screen.
- Select Multisig wallet, then “Join a Shared Wallet”.
- Enter your copayer name.
- Scan the QR code or input the wallet address shared by the wallet creator.
- Review and backup your recovery phrase. We strongly recommend backing this recovery phrase up! BitPay can’t restore your phrase or funds if this phrase is lost, stolen or destroyed. Each copayer of the wallet will have their own recovery phrase, even if using in a one-user, multi-device fashion.
- Review and agree to the information provided by BitPay.
- You’ve now joined the multisig wallet!
How to initiate and sign multisig transactions
- Select “Send” on the BitPay home screen.
- Select the currency you’d like to send.
- Choose your multisig wallet (if you have multiple wallets/keys).
- Scan or enter the receiving wallet address.
- Enter the amount you’d like to send.
- Review the transaction details and confirm the transaction.
- A proposal for the transaction has now been created and needs to be confirmed by the number of copayers required by the wallet.
- As another copayer, tap into your notifications section on the BitPay app home screen.
- Tap onto the payment and slide to sign the selected transaction.
- If necessary, repeat the above two steps until the required number of copayers have signed the transaction.
- Proposed and sent transaction history can be reviewed by tapping into your multisig wallet details within the BitPay app.
Advanced features of a BitPay multisig wallet
- Name and label your key to for easy management within the app
- Request an encrypted password as an extra layer of security. Whenever you make a transaction, you will be asked for the password. Note: passwords are not recoverable. BitPay doesn’t have access to your password. If this password is lost, funds can only be recovered by reimporting your 12-word recovery phrase.
- Export/import multisig wallets across devices
- Extended private keys - only advanced users should handle extended private keys directly
- Sync wallets across devices
Recovery phrases (or seed phrases) and multisig wallets
Like all self-custody wallets, recovery phrases and private keys are not stored by BitPay or any other wallet service provider. It is paramount that all multisig recovery phrases are backed up, preferably in a non-digital method to limit the risk of hackers stealing your information.
Each copayer or device of a multisig wallet has their own recovery phrase. On wallets where the number of copayers is the same as the number of signatures required (e.g., 2-2, 3-3), to recover the funds you will need the recovery phrase of all copayers.
- A 1-2 wallet requires one signature. Therefore, it requires one recovery phrase to move its funds.
- A 2-2 wallet requires two signatures to sign a transaction. Therefore, it requires each of the two recovery phrases to move the funds out of the wallet.
To recover a multisig wallet, the number of recovery phrases needed is equal to the number of signatures required by the wallet. If recovery phrases are lost, then effectively the number of copayers is reduced. For example, if you have a 2-5 wallet but 1 copayer loses their recovery phrase, effectively the wallet is now a 2-4 wallet. The wallet still remains a 2-5 wallet unless the copayers move the funds to a new wallet. If a copayer loses their wallet, we recommend creating a new shared wallet and moving the funds to this new wallet.
Multisig wallets are not tied to the device on which they were created or currently reside. As long as you have your recovery phrases you can infinitely recover or move the wallet to new devices to make transactions and manage funds. To recover a multisig wallet, import each of the recovery phrases on a different device.
If using a multisig wallet in single-user, multi-device fashion, we recommend storing your recovery phrases separately. Some storage ideas include:
- Written on a piece in a fire-proof safe in a secure location
- Store in a safety deposit box
- Stamped onto a fireproof metal wallet
- Memorize or use a mnemonic devices to recall your phrase
- Break up phrases into 4 or 6 word parts and store separately for increased security
Can I be scammed with a multisig wallet?
Yes, attackers can use a multisig wallet to deceive the victim.
The scam works like this:
- The victim purchases cryptocurrency, likely for a “too good to be true” price.
- The funds are sent to a multisig wallet that the victim does not own but has access. For example, the attacker may set up a 1-2 multisig wallet that lets the attacker move the funds without the victim's consent.
- The attackers move the funds to a different wallet - one which the victim does not have access to.
- If you are purchasing crypto, please make sure the wallet you are going to receive the funds in is a wallet that you own, a wallet that you have created that is not a multisig wallet and only you have access to it.
- If you are purchasing crypto, beware of “too good to be true” pricing or someone offering cryptocurrency at a much lower price than the current rate.
If someone tells you to create or join a multisig wallet to send you money, they are trying to scam you.
Q: Is BitPay a multisig wallet?
A: BitPay gives users the option to create basic or multisig wallets.
Q: I want to add security to my funds, is a multisig wallet a good option?
A: As a multisig wallet requires more signatures to sign a transaction, it adds security to your wallet. If an attacker obtained one copayer’s device, they would not be able to spend your wallet’s funds if you require at least two signatures. However, keep in mind the following:
- Every time you want to sign a transaction, it has to be signed by the required number of copayers.
- To recover the wallet, you need multiple recovery phrases.
Q: I want to share a wallet with my spouse, what do you recommend?
A: There are many multisig configurations for two copayers:
- 1-2: Only one signature is required to sign a transaction. Neither of the copayers need another to sign a proposal. The wallet can be recovered with one recovery phrase.
- 2-2: Two signatures are required to send a transaction. Every time a copayer creates a transaction proposal, they must wait for the other copayer to approve the proposal. This wallet configuration requires two recovery phrases to recover the wallet. If one device was lost or stolen and you do not have that copayer’s recovery phrase, the wallet and funds are lost.
- 2-3: Three copayers, two signatures are required. With an extra recovery phrase safely stored separately, this wallet configuration arises as a good solution when there is a risk of losing one of the devices. 2-4 could be a good option as well.
Q: I have a 2-2 wallet. The other copayer has lost their device and does not have their recovery phrase. How can we recover the wallet?
A: Unfortunately, there is no way to recover the wallet in this case. Both recovery phrases are required to recover the wallet.
Q: I have a 2-2 wallet. The other copayer has lost their device and does not have their recovery phrase, but I have my wallet set up in two devices. Why am I not able to move funds?
A: Each copayer has a different and unique signature that has to be provided in order to move funds. This means that duplicating the same copayer wallet on many devices does not help as they provide the same signature. If you lose any recovery phrase for a multisig wallet in which you need every signature (such as 2-2), you lose access to the funds in the wallet.
Q: Do I pay a higher fee by using a multisig wallet to send funds?
A: Yes. The scripting is different and there are more signatures included in the transaction. These two factors result in a larger transaction (in bytes), which requires a higher total fee.