In the modern digital asset ecosystem, the multisig mechanism is often revered as the ultimate bastion of security, a mandatory standard for all serious organizations and high net worth individuals. By requiring the consensus of multiple parties before making a transaction, multisig theoretically eliminates the "single point of failure" risk that is the bane of traditional single-signature (EOA) wallets. However, a deeper and more realistic analysis indicates that multisig is not a "silver bullet" for every security problem. On the contrary, in many specific contexts, the ill-considered application of multisig can lead to catastrophic key management failures, causing operational paralysis, high costs and even permanent loss of assets.
This report delves into the analysis of the technical mechanisms, potential risks and specific situations where multisig becomes counterproductive. According to the team of experts at Tan Phat Digital, understanding the limitations of the tool is the first step to building a sustainable security strategy.
Technical architecture and diversity of multi-signature mechanisms
To understand why multisig can be counterproductive, it is first necessary to grasp the fundamental differences in how this mechanism is deployed on different blockchain networks. This difference goes beyond programming and directly affects costs, privacy, and wallet resiliency.
Bitcoin and multisig at the protocol level
On the Bitcoin network, multisig is supported at the protocol level through special scripts such as Pay-to-Script-Hash (P2SH). In this model, signature threshold (M-of-N) rules are embedded directly into the structure of the wallet address. All validation logic is performed by Bitcoin mining nodes when transactions are broadcast.
With the introduction of the Taproot update (Schnorr signature), Bitcoin has taken multisig optimization a step further. Schnorr signatures allow multiple signatures of participating parties to be merged into a single signature on-chain, helping to reduce transaction size and increase privacy. However, despite these improvements, multisig on Bitcoin remains rigid: once a wallet has been created with a specific configuration, changing signers or signing thresholds often requires transferring all assets to a new wallet address altogether.
Ethereum and smart contract wallets
In contrast to Bitcoin, multisig on Ethereum and EVM-compatible chains are not a native feature of the protocol but are implemented through smart contracts Smart Contract Wallets, the most typical being Safe. Using smart contracts offers incredible flexibility, but also creates a broader attack surface. Any flaw in the contract's source code, no matter how small, can become as disastrous as the Parity wallet incident in 2017, where a bug permanently froze more than 280 million USD in ETH value.
Detailed comparison of Multisig on Bitcoin and Ethereum:
Authentication mechanism: Bitcoin uses script logic at the protocol level, while Ethereum based on self-executing smart contracts.
Flexibility: Bitcoin is low (usually need to switch wallets to change configuration), while Ethereum is very high (can upgrade modules, change signers directly).
Deployment cost: Bitcoin has low cost because it is just creating addresses, while Ethereum costs high gas fees to deploy contracts. proxy.
Source code risk: Bitcoin is very low because it is based on the native protocol, Ethereum is high because it depends on the integrity of the contract code.
Privacy: Bitcoin is medium, Ethereum is low because everyone signs and the signing threshold is publicly visible on the chain.
See also: What is Multisig wallet?
Economic risk: When Gas costs become a burden
One of the top reasons why multisig is counterproductive for individual users is the cost structure operating fee. In the world of smart contracts, complexity always comes with expensiveness.
Estimated Gas Cost Analysis on Ethereum (at 20 Gwei):
ETH Transfer: EOA (single signature) wallet consumes 21,000 gas. Multisig Wallet consumes approximately 45,000 - 65,000 gas, equivalent to an increase of 114% to 210%.
ERC-20 Token Transfer:EOA Wallet consumes approximately 65,000 gas. Multisig wallet costs from 90,000 - 110,000 gas, an increase of about 38% - 69%.
DeFi Interaction (Swap): EOA wallet consumes about 150,000 gas. Multisig Wallet requires 200,000 - 250,000 gas, an increase from 33% to 66%.
Change wallet structure (add/remove signers):EOA Wallet does not support this feature. Multisig wallet consumes about 100,000 - 150,000 gas for each configuration change.
For large organizations managing millions of USD, this difference is not significant. However, for retail users, this is a real financial barrier, turning multisig from a protection tool into an unnecessary cost burden.
Failure in Key Management: The Paradox of Security
At the core of multisig is redundancy. However, if the key management process is not professionally implemented, this redundancy only creates a false sense of security.
The Co-location Fallacy: Storing multiple keys or seed phrases in the same physical location (e.g., same safe) or same cloud account will turn multisig back into a "single point of weakness". A theft or disaster at that location would wipe out access.
Improper Signing Threshold (Bricking): In a 2-of-2 configuration, if just one signer loses the key, the entire asset is frozen forever. The risk of loss in this configuration is actually twice as high as with a single signature wallet. Tan Phat Digital recommends that users use redundant configurations such as 2-of-3 or 3-of-5 to ensure safety.
Silent key attrition (Key Attrition): Occurs when members holding keys leave the organization without handing over. Over time, a 4-of-7 wallet can become a 4-of-4, putting assets in an extremely dangerous state.
See more: MPC Wallet is What?
Inflexibility and operational bottlenecks
Multisig is a mechanism that causes intentional delay. In a DeFi environment that requires instant response, this delay can cause huge losses when capital cannot be withdrawn in time during attacks or when strong market volatility leads to asset liquidation. Additionally, managing a "matrix" of signers across different blockchains (Ethereum, Solana, Bitcoin...) is an administrative challenge that many organizations are not capable of implementing securely.
Inheritance Issue: Barrier for Non-Technologists
Inheriting digital assets via multisig is often a "nightmare" for non-tech-savvy heirs. Splitting the keys and hiding them secretly can prevent relatives from accessing the property after the owner passes away. Furthermore, confused heirs are often the prime targets of scammers when they seek help to unlock wallets.
Modern attacks: When multisig becomes a "weapon" against owners
The event of the Bybit exchange losing 1.5 USD in February 2025 is the clearest demonstration of the limits of multisig. Hackers do not attack the source code but target the user interface (UI) layer. Through display manipulation, attackers trick signers into performing "blind signing" — approving a malicious transaction they believe is valid. The lesson learned is: multisig is only safe when the signer knows exactly what they are signing.
Audience analysis: Who should and should not use Multisig?
Based on experience from Tan Phat Digital, the suitability of multisig is classified as follows:
1. Who should not use Multisig:
Individuals with small assets (under 50,000 USD): Gas costs and management complexity far outweigh the security benefits.
Investors who are not technically savvy: Easily lead to mistakes in backing up or setting signature thresholds, causing permanent asset locking.
Projects need agility: Delays in collecting signatures can cripple development progress.
2. Who should use Multisig:
DAO and Institutional Treasury:Ensure transparency and prevent unilateral misappropriation of funds.
Professional Custody Services: Have enough resources to operate the signing process and regular audits.
General asset management:Ensure financial decisions Large governments must have the consensus of members.
Summary table of recommended uses:
Small individuals: Prioritize convenience & low cost; Low key management ability. Recommended: Hardware Wallet + Passphrase.
Organization/DAO: Prioritize transparency & governance; Average key management ability. Recommended: Multisig (M-of-N).
Professional investment funds: Prioritize maximum security & compliance; Key management ability is very high. Recommended: MPC or Hybrid Model.
Alternatives and add-ons
Tan Phat Digital suggests some modern security architectures that replace traditional multisig:
Hardware Wallet and Passphrase: "25th word" mechanism helps create a second layer of security (one you have and one you know) without increasing fees gas.
MPC (Multi-Party Computation) Technology: Divide the key into small pieces and sign off-chain. This solution offers low gas fees, increased privacy, and is highly flexible.
Social Recovery Wallet (Social Recovery): Uses a master key for daily transactions and a group of "Guardians" to restore the wallet when the keys are lost. This is seen as the future of self-management of assets for the masses.
People also ask: 15 Frequently Asked Questions about Multisig
1. What is a multisig wallet? A multi-signature wallet (multisig) is a type of wallet that requires many different signatures from independent private keys to authenticate and perform a transaction. Instead of relying solely on a "single weakness", it requires the consensus of a group of signers according to a pre-established threshold (e.g. 2 out of 3 signers).
2. How is Multisig on Bitcoin and Ethereum different? Bitcoin's Multisig is directly integrated at the protocol level through scripts such as P2SH or Taproot, providing extremely high security but less flexibility. Meanwhile, multisig on Ethereum is implemented using smart contracts (like Safe), which allows flexible customization of governance rules but has higher gas costs and a wider attack surface.
3. Why are the gas fees of Multisig wallets higher than regular wallets? Because multisig (especially on Ethereum) operates as a smart contract, the network has to perform more calculations to verify each individual signature and check the on-chain approval threshold. Additionally, storing additional signature data increases the transaction size, resulting in significantly higher costs compared to conventional single-signature wallets.
4. What is multisig wallet "Bricking" and how to avoid it? "Bricking" is a situation where assets are permanently locked due to insufficient remaining keys to reach the signing threshold (for example, 2-of-2 wallet but 1 key is missing). To avoid this, experts recommend using configurations with redundancy such as 2-of-3 or 3-of-5, ensuring that even if one key is lost, you can still move assets.
5. What is the "Co-location" error in Multisig management? This is the error of storing multiple keys or seed phrases at the same physical location or the same cloud account. If thieves break into that location or the iCloud account is hacked, they can get enough keys, making the multisig mechanism useless because the risk is concentrated in one point.
6. Is a 2-of-3 configuration really better than a 2-of-2? Yes. In a 2-of-2 configuration, the risk of losing assets doubles because any lost key leads to disaster. The 2-of-3 configuration provides the ideal balance: it protects against theft (2 keys are needed to get money) and protects against loss (losing 1 key still leaves 2 keys to recover).
7. What happened in the 2025 $1.5 billion Bybit hack?Hackers carried out a supply chain attack on Safe{Wallet}'s user interface (UI). They do not crack multisig but change the transaction content displayed on the employee screen. The employee believed they were signing an internal transfer order, but were actually signing an order transferring control of the wallet to the hacker.
8. How dangerous is Blind Signing?Blind signing occurs when a user approves a transaction on a hardware device (like a Ledger) without being able to check the raw data because the device screen is too small or the data is too complex. If the UI on your computer is manipulated, you could be signing an asset withdrawal order without even knowing it.
9. How is MPC technology different from Multisig? Multisig uses many separate keys on-chain, while MPC (Multi-Party Computation) divides a single key into many off-chain "pieces". MPC helps save gas fees because there is only 1 signature on-chain, while keeping the signer structure secret and supporting multi-chain better.
10. Should I use Multisig for estate planning? Maybe, but be careful. Multisig allows keys to be divided among family members, but if they aren't technically savvy, the recovery process can become a nightmare. A "Collaborative Custody" solution (like Unchained or Casa) is often better because there is a service to assist heirs with the technical steps.
11. How does Social Recovery Wallet work?It uses a master key for daily transactions. If this key is lost, a group of "Guardians" pre-selected by you can sign a command to replace the master key with a new one. It is more convenient than multisig because it does not require multiple signatures for every small transaction.
12. How much assets are worth to start using Multisig? Many experts believe that multisig is only truly effective when assets exceed the threshold of 50,000 USD or 100,000 USD. With smaller amounts, the cost of gas and the risk of locking yourself out due to incorrect operations often outweighs the security benefits it provides.
13. Does Multisig support all cryptocurrencies? Not at all. Multisig depends on the support of each blockchain. Bitcoin and Ethereum have good support, but many newer chains or specific tokens may require complex technical implementations or standard multisig wallets are not available.
14. What is the risk of "Key Attrition"? This is a situation where the number of actual signers gradually decreases over time due to members leaving the organization, passing away or losing keys without handing over. Without regular audits, a 3-of-5 wallet can quietly turn into a 3-of-3, putting the entire asset in extreme danger.
15. Why is the Hybrid model favored by large funds? The hybrid model combines MPC for daily trading operations (high speed, low fees) and traditional Multisig for long-term treasury storage (transparency, easy on-chain auditing). This helps them take advantage of the best of both technologies to optimize security and operations.
Ultimately, multisig is just one tool in the larger security picture. A robust system requires a combination of technology, disciplined processes, and deep understanding. Tan Phat Digital hopes this report has helped you have the most realistic view to protect your assets in a smart way.
Share
