What is a multisig or shared wallet?

When you want to send funds from your wallet, a transaction is created and signed. By signing the transaction, you are digitally saying: “I am the owner of the funds, I have the key to manage them, and I approve this transaction.” 

Single signature (also known as “basic”) cryptocurrency wallets need one signature to sign a transaction. Multisig is the shortened name for multi-signature, and, as the name indicates, this kind of wallet requires one or more signatures to sign a transaction.

A multisig wallet is a wallet shared by two or more users called copayers. Depending on the kind of wallet, the number of signatures required to sign a transaction will be lower or equal to the number of copayers of the wallet.

For example, a 3-3 wallet is a multisig wallet that is shared by three people and requires three signatures to sign a transaction. A 2-3 wallet is a multisig wallet that is shared by three people and requires two signatures to sign a transaction. You may also see “2 of 3” to indicate the number of copayers needed.

What are the features of multisig wallets?

• All the copayers can see the funds and transactions of the wallet.
• Requires one or more copayers to sign a transaction to send funds from the wallet. This feature adds security to your funds. 
• A unique recovery phrase for each of the copayers who share the wallet. However, if one of the copayers’ recovery phrases is lost, there may no longer be enough copayers to sign transactions. Without enough copayers to sign transactions, you will not be able to spend the wallet’s funds.

How does a multisig wallet work?

To move funds, every wallet requires the user broadcasting the payment to sign the transaction. Multisig wallets also require one or more copayers to sign the transaction.

For example, with a 2-2 wallet Copayer A wants to send funds. When they try to move funds, the wallet creates a transaction proposal that is only signed by Copayer A. Sending the funds requires both Copayer A and Copayer B to sign the transaction. Until Copayer B approves the transaction, the funds stay in the wallet. When Copayer B approves the proposal, their wallet signs the transaction. Signing the transaction broadcasts it to the network and sends the funds.

The transaction proposal does not expire- there is no time limit to approve a transaction proposal. There is no copayer hierarchy. This means that any copayer can create a transaction proposal, and all the copayers can sign the transaction proposal.

A 2-3 wallet requires two copayers to sign a transaction (out of three copayers total). Copayer A creates the transaction proposal. Either of the remaining copayers (Copayer B or Copayer C) can approve the transaction proposal. A 2-3 wallet has three copayers but requires only two signatures.

How do I create a multisig wallet in the BitPay App?

To create a multisig wallet, open the BitPay App and follow these steps:

• Click the gear icon in the upper right corner.
• Within Keys, select the key where you will create the wallet.
• Click + Create a new wallet.
• Select Shared wallet.
• Select the currency, either Bitcoin or Bitcoin Cash. (Note: Ethereum does not support multisig.)
• Enter the wallet name.

• Enter your name (this will be your copayer name).
• Select the number of copayers.
• Select the number of required signatures.
• Click CREATE.
• Share the address/QR code with the other devices joining the wallet.

Recovery

Each copayer has their own recovery phrase. On wallets where the number of copayers is the same as the number of signatures required (e.g., 2-2, 3-3), to recover the funds you will need the recovery phrase of all copayers.

For example:

• A 1-2 wallet requires one signature. Therefore, it requires one recovery phrase to move its funds.
• A 2-2 wallet requires two signatures to sign a transaction. Therefore, it requires each of the two recovery phrases to move the funds out of the wallet.

To recover a multisig wallet, the number of recovery phrases needed is equal to the number of signatures required by the wallet. If recovery phrases are lost, then effectively the number of copayers is reduced. For example, if you have a 2-5 wallet but 1 copayer loses their recovery phrase, effectively the wallet is now a 2-4 wallet. The wallet still remains a 2-5 wallet unless the copayers move the funds to a new wallet. If a copayer loses their wallet, we recommend creating a new shared wallet and moving the funds to this new wallet.

To recover a multisig wallet, import each of the recovery phrases on a different device.

Can I be scammed with a multisig wallet?

Yes, attackers can use a multisig wallet to deceive the victim.

The scam works like this:

• The victim purchases cryptocurrency, likely for a “too good to be true” price.
• The funds are sent to a multisig wallet that the victim does not own but has access. For example, the attacker may set up a 1-2 multisig wallet that lets the attacker move the funds without the victim's consent.
• The attackers move the funds to a different wallet - one which the victim does not have access to.

Our recommendations:

- If you are purchasing crypto, please make sure the wallet you are going to receive the funds in is a wallet that you own, a wallet that you have created that is not a multisig wallet and only you have access to it.

- If you are purchasing crypto, beware of “too good to be true” pricing or someone offering cryptocurrency at a much lower price than the current rate.

If someone tells you to create or join a multisig wallet to send you money, they are trying to scam you.

Q&A

Q: I want to add security to my funds, is a multisig wallet a good option?

A: As a multisig wallet requires more signatures to sign a transaction, it adds security to your wallet. If an attacker obtained one copayer’s device, they would not be able to spend your wallet’s funds if you require at least two signatures. However, keep in mind the following:

• Every time you want to sign a transaction, it has to be signed by the required number of copayers.
• To recover the wallet, you need multiple recovery phrases.

Q: I want to share a wallet with my spouse, what do you recommend?

A: There are many multisig configurations for two copayers:

• 1-2: Only one signature is required to sign a transaction. Neither of the copayers need another to sign a proposal. The wallet can be recovered with one recovery phrase.
• 2-2: Two signatures are required to send a transaction. Every time a copayer creates a transaction proposal, they must wait for the other copayer to approve the proposal. This wallet configuration requires two recovery phrases to recover the wallet. If one device was lost or stolen and you do not have that copayer’s recovery phrase, the wallet and funds are lost.
• 2-3: Three copayers, two signatures are required. With an extra recovery phrase safely stored separately, this wallet configuration arises as a good solution when there is a risk of losing one of the devices. 2-4 could be a good option as well.

Q: I have a 2-2 wallet. The other copayer has lost their device and does not have their recovery phrase. How can we recover the wallet?

A:  Unfortunately, there is no way to recover the wallet in this case. Both recovery phrases are required to recover the wallet.

Q: I have a 2-2 wallet. The other copayer has lost their device and does not have their recovery phrase, but I have my wallet set up in two devices. Why am I not able to move funds?

A:  Each copayer has a different and unique signature that has to be provided in order to move funds. This means that duplicating the same copayer wallet on many devices does not help as they provide the same signature. If you lose any recovery phrase for a multisig wallet in which you need every signature (such as 2-2), you lose access to the funds in the wallet.

Q: Do I pay a higher fee by using a multisig wallet to send funds?

A: Yes. The scripting is different and there are more signatures included in the transaction. These two factors result in a larger transaction (in bytes), which requires a higher total fee.