What is Multisig wallet? When to use multi-signature wallets

The shift from centralized financial systems to decentralized protocols has posed unprecedented challenges in securing digital assets. According to analysis from Tan Phat Digital, in the structure of first generation blockchains, ownership of assets is tied to a unique private key. However, as the value of the cryptocurrency market has grown, the "one key, one right" model has revealed fatal flaws. Multisig wallets emerge as a socio-technical governance mechanism, allowing for the dispersion of power and minimizing risks from human and system weaknesses.

The nature and technical structure of multisig mechanisms

Multisignature wallets require a minimum threshold of digital signatures to approve asset movements. Instead of a single private key, the wallet is associated with a group of keys, each of which is typically managed by different individuals or devices.

M-of-N Threshold Model

The most common structure of multisig is the $M$-of-$N$ threshold model. In which, $N$ represents the total number of authorized keys (signers) and $M$ is the minimum number of signatures required for a valid transaction. Below are common configurations:

• 1-of-2 configuration: Total of 2 keys, 1 signature required. Used mainly for convenience or personal backup, does not really increase anti-theft security.

• 2-of-2 configuration: Total of 2 keys, both signatures required. Requires absolute consensus between two parties but high risk if one party loses the key (assets are locked forever).

• 2-of-3 configuration: Total 3 keys, 2 signatures required. This is the most popular configuration for individuals and small groups, optimally balancing security and resilience if a key is lost.

• 3-of-5 configuration: 5 total keys, 3 signatures required. Provides high security for businesses, helping to protect against internal collusion or large-scale device loss.

• M-of-N configuration (N > 7): Usually requires over 50% of signatures. Typically used for governance of decentralized autonomous organizations (DAOs) or large financial institutions.

Establishing the $M$ threshold is a statement of risk policy. A low threshold reduces intrusion resistance, while too high a threshold can lead to operational paralysis if signatories are unavailable.

See also: For example What is non-custodial? Why own a non-custodial wallet?

Private Keys and Platform Security Mechanisms

In blockchain, a private key is a unique string of cryptographic characters used to confirm ownership. If a single-key wallet (singlesig) is a safe with only one key, then Tan Phat Digital's multisig mentioned is a system that requires many different keys to be inserted at the same time.

The loss of keys in the singlesig model leads to irreversible consequences. Multisig eliminates the risk of "single point of failure". Even if a key is attacked by a hacker, the assets are still safe because the attacker cannot meet the required signature threshold.

Execution Architecture: Bitcoin and Ethereum

While the end goal is the same, the way multisig is implemented on different chains is profoundly different:

1. Bitcoin (P2SH/PSBT Protocol)

• Security: Based directly on the reliability of the core protocol.

• Gas Fees: Usually high due to large transaction sizes because of a lot of signature data.

• Upgradability: Very limited, often requires creating a new wallet address if you want to change the configuration form.

• Transparency: Signing members are often visible directly on the chain (on-chain).

2. Ethereum (Smart Contract Wallet)

• Security: Depends entirely on the correctness and safety of the smart contract code.

• Gas Fees: Very high due to having to execute complex logic of the contract on-chain.

• Upgradability: Flexible, can change signer list or approval rules on the fly on existing contracts.

• Transparency: Any changes to governance policies are publicly recorded and easily auditable.

Corporate governance and DAO organizations

For organizations, multisig is the framework to apply traditional financial governance standards to blockchain.

• Separation of tasks: In an enterprise, employees can initiate salary orders, but need simultaneous approval from the chief accountant and director to execute. This prevents internal fraud.

• DAO treasury management: Communities use multisig with elected members to ensure no individual can arbitrarily withdraw funds from the shared treasury.

• Escrow trading (Escrow): In the 2-of-3 model, the buyer, seller, and a neutral arbiter each hold a key, helping to resolve commercial disputes in a transparent manner.

The Tron ecosystem and the risk of permission manipulation

The Tron network has a unique permission management system (Permission Management) but also has potential risks if users do not pay attention.

• Owner Permission: The highest permission, can change all other permissions.

• Active Permission: Permission to perform everyday transactions such as transferring tokens or voting.

• Scam warning: Bad actors often trick users into signing AccountPermissionUpdate transactions in the name of receiving airdrops. When the user signs, control of the wallet will immediately belong to the fraudster, even though the victim still keeps the original private key.

Compare Multisig and MPC (Multi-Party Computation)

Tan Phat Digital analyzes two leading security technologies today:

About Multisig:

• Key structure: Using multiple keys completely private and independent.

• Transaction fees: High due to the need to process many on-chain signatures.

• Privacy: Low, because the approval threshold and number of signers are often publicly visible.

• Compatibility: Depends on whether the specific blockchain supports it or not. no.

About MPC:

• Key structure: A unique key is divided into shards, there is never a complete key.

• Transaction fees: Low, because only one standard signature is sent to the chain.

• Privacy: High, transaction The transaction looks like a regular single-key wallet.

• Compatibility: Works on any blockchain (Agnostic).

Account Abstraction (ERC-4337)

ERC-4337 on Ethereum takes multisig to the next level by turning the wallet into a "Smart Account". Outstanding features include:

• Social Recovery: Recover wallet via email or relatives without seed phrase.

• Spending limit: Automatically prevent transactions that exceed abnormal thresholds.

• Flexible fee payment: Allow gas fees to be paid with stablecoins or reimbursed by sponsored applications All.

Asset management on the exchange: Funding Wallet and Spot Wallet

For users on exchanges like Binance or Bybit, understanding the difference between wallet types is very important:

• Spot Wallet (Spot): Used to buy and sell directly on the market. Assets here are always ready for instant order matching or withdrawal to personal wallets.

• Funding Wallet: Used for P2P transactions, card payments or receiving rewards. Keeping money in a Funding wallet helps isolate assets from transaction risks (such as misplaced margin orders) and adds an additional layer of internal protection.

Process for setting up a secure multi-sig wallet

To set up a professional multisig system, Tan Phat Digital recommends following these steps:

1. Personnel selection: Identify reputable key holders, usually in different geographical locations.

2. Signing device: Each member should use a separate hardware wallet to isolate private keys from the internet environment.

3. On-chain initialization: Use reputable platforms such as Safe.global to deploy smart contracts.

4. Recovery drill: Always test with a small amount of money and perform a drill for a member losing keys to ensure the replacement process works smoothly.

10 Typical Case Studies of multi-signature wallets

1. Bybit attack (2025): North Korean hackers stole $1.5 billion by manipulating Manipulating Safe's user interface (UI) through malicious JavaScript injected into the cloud infrastructure. Lesson: Even multisig is useless if signers are fooled through "blind signing".  

2. Ronin Network (2022): Hackers took control of 5 out of 9 authentication nodes (multisig 5-of-9) of the Axie Infinity bridge, stealing 625 million USD. The mistake lies in the fact that the 4 keys are controlled by Sky Mavis itself, leading to too much concentration of power.

3. Harmony Horizon Bridge (2022): A vulnerability in the 2-of-5 multisig configuration allowed hackers to steal 100 million USD after capturing 2 private keys. An approval threshold that is too low relative to the asset size is a fatal mistake.

4. MakerDAO Governance: Use Gnosis Safe to manage treasury and enforce DAO governance decisions. With over $100 billion secured, it is the most successful example of multisig being used for large-scale community governance.

5. Parity library bug (2017): A bug in Parity's multisig library source code caused $280 million in ETH value to be permanently frozen after a user accidentally triggered a contract "cancel" command. This is a lesson on code risk in smart contract wallets.

6. Uniswap DAO Treasury: Manages over 3 billion USD in treasury through multisig voting and execution system. Uniswap uses working groups with multisig 3/4 to handle operating costs and ecosystem funding.

7. BitGo Standard: Born in 2013 after the Mt. Gox, BitGo standardized the 2-of-3 multisig model for institutions, helping restore confidence in secure asset custody for major exchanges.  

8. Gnosis Pay: Multisig application to retail payments, allowing users to keep money in personal Safe wallet but still be able to spend via Visa card with pre-programmed limits, combining self-management and convenience.  

9. Worldcoin Operations: World Foundation uses Safe infrastructure to manage critical operations, optimize transaction fees, and establish mechanisms that prioritize real users, demonstrating the scalability of multisig.  

10. Aave Private Whale (2025): An individual holding a large amount of assets (whale) on Aave was hacked for 27 million USD due to the private key leak of his personal Gnosis Safe wallet. This emphasizes that even when using multisig, maintaining the security of each individual key is still extremely important.  

Frequently Asked Questions (FAQ)

1. How is Multisig wallet different from regular wallet? Regular wallet (Singlesig) only needs a single key to perform transactions, creating the risk of losing all assets if that key is exposed. Multisig wallets require two or more keys, eliminating the risk of "single point of failure".  

2. What is the Threshold? This is the minimum number of signatures required for a successful transaction. For example, in a 2-of-3 configuration, you need at least 2 signatures from 3 keyholders to transfer funds.  

3. Will I lose my funds if I lose one key in a 2-of-3 wallet? No, your assets are still safe and accessible with the other 2 keys. This is Multisig's backup and recovery feature.  

4. Why are Multisig wallet transaction fees usually higher? Due to larger transaction sizes (containing more signature data) and the need to execute complex smart contract code on the blockchain.  

5. What is the fundamental difference between Multisig and MPC? Multisig uses many independent private keys and performs direct on-chain signing. MPC breaks a single key into pieces and performs off-chain signing for increased privacy.  

6. What are the specific risks when using Multisig on the Tron network? On Tron, bad guys can trick you into signing a Permission Update command to deprive you of ownership of your wallet, even if you still keep the original private key.  

7. What is the most important lesson from the Bybit hack? It is the "blind signing" error. Users should not just trust what is displayed on the computer screen, but must carefully check the transaction information on the hardware wallet screen before signing.  

8. What benefits does Account Abstraction (AA) bring to multi-signature wallets? AA allows setting up smart rules such as Social Recovery, daily spending limits, and paying gas fees with other tokens instead of just ETH.  

9. Can I combine cold wallet with Multisig? Yes, this is the most optimal security method. Platforms like Safe or Electrum both support integrating Ledger or Trezor devices as signers.  

10. When should organizations choose Multisig over MPC? Organizations should choose Multisig when they need absolute on-chain transparency for auditing and public DAO governance.  

Multi-signature wallets are not just a technical tool but also the foundation of trust in the decentralized world. With support from experts like at Tan Phat Digital, the implementation of multisig will help individuals and organizations optimally protect digital assets, ready for further advances in the blockchain economy.