Multi-Sig Wallets

A lot of financial processes require multiple signatories, like a wire transfer for example. That adds a level of security and comfort to a process that moves a lot of funds quite quickly.

So it makes sense that blockchain technology would find a way to mimic that in software.

It is called a “mult-sig wallet” and if you use one, you need multiple “signatories” to move funds out of the wallet. I put signatories in quotations because what you actually need is multiple private keys to move funds out of the wallet.

CoinCenter wrote a nice explanation of multi-sig technology back in early 2015 that I frequently share with people who ask me about multi-sig. Give that a read if you want to learn a bit more about how this technology works and why it is so useful.

Our portfolio company Coinbase uses multi-sig technology in its vault product which is currently available for Bitcoin wallets and will eventually come to its other wallet offerings.

If you use a hardware wallet like Ledger, you can use the BitGo software to get multi-sig on it. Here’s a blog post about that.

With the big increase in crypto prices this year, many people are now holding significant amounts of crypto assets. It is worth taking security more seriously and putting your assets, or at least most of them, into a multi-sig wallet is a good step toward that.


Comments (Archived):

  1. LIAD

    Key storage/protection is a perpetual headache.Trust exchanges. Trust hardware wallet firmware. Trust web wallet softwareTrust your own (in)competence.- all have their own drawbacks. All leave residual stress and anxiety along their own attack/error vectors.It’s not all fun and games in crypto land.

    1. creative group

      LIAD:There are no fundamentals that we rely upon to accurately provide guidance in investing in crypto-currency that would allow us to wet our feet. Our risk tolerance is low on the dramatic fluctuations in the space.There is another issue we view as problematic. Ease of use, exit and security.Your thoughts.

    2. Cyrilb88

      Have you taken a look at Ledger Wallet? I certainly sleep better since Nano S.Full Disclosure – I’m an investor there.

      1. LIAD

        I know it. But still. Hacked firmware. Dodgy upgrade. Coins caput.

  2. Curious

    It certainly is crass of me to ask, but I’m burningly curious: approximately how many Bitcoin are you currently holding now Fred?Regards,Curious

    1. creative group

      Curious:”It certainly is crass of me to ask”Other words describing your smart question came to our minds.That curious question places you into the “Why would any stranger ask that question”.Curious approximately how much money do you have in your bank account and what is the account number and password. When reading that it sounds dumb doesn’t it. Or you may think maybe not.Fred will surely answer that smart question ASAP.The Contributors on the blog are aware of attempts of someone attempting to hack Fred’s accounts.So your crass question immediately puts your question in a special space.Poof..Captain Obvious

    2. fredwilson

      Why would I disclose that? It is a security risk to be talking about it as much as I do

      1. LE

        Agree. And needs more friction.A company like coinbase should have locks in place [1] which require only 2 designated employees to be able to do final approval and have transactions processed over a certain dollar amount or time period for those high value clients. Non automated. [2]The question that I would want answered if I had a large amount of money stored in a service like coinbase was what are the weak leaks to my money leaving coinbase. No amount of automation is going to prevent this if there are a host of people at coinbase who have some form of root access. If they disclose this though it’s a security risk. But the current writeup is just a standard ‘trust us we use best practices and have our act together’.[1] Which they can charge for.[2] For example with wire transfers I need to be physically at the bank. With my old mom I don’t even want her having any online bank accounts even if that means he is losing out on interest. Just to much of a ‘little old lady’ risk.

      2. jason wright

        quite. you’ve already been socially engineered once this year.

  3. JLM

    .Multiple authorizations on the movement of money is a kindergarten level legacy financial control which has been around for years at places like Wells Fargo, Charles von Schwab, and USAA.When running a company with sixty + subsidiaries, we used to use something called “Positive Pay” which required a bank to verify every payment as being at least the second time such payment was made to that payee. First time payees (above a specified amount) were required to be verified.To make it work, we had to have all of our accounts with a single bank nationwide, but that was not a problem.Also, we had a single account through which payments were made, but that was a simple accounting aggregation strategy. [We received the benefit of “just in time” cash management aggregation which got us a few more bucks in interest income].It was a big bank provision which caught two forged checks totaling a significant amount of $$$.We were not liable for any losses if we engaged the bank to use Positive Pay (which cost like $1/account per month). In both of the instances of the forgeries, it was on them.I belabor this point for three reasons:1. If bitcoin is to be used broadly, it will have to embrace simple financial controls like the legacy institutions have been doing for decades. Many of these controls, while simple as hell, are the basic level of financial prudence expected of any money manager or trustee.2. Bitcoin — as it relates to everyday use in simple financial transactions — will not be some revolutionary app. It will act like legacy operators because a lot of financial controls are essential and prudent. Fred’s post makes this point.3. Bitcoin did not invent sex. This is some painfully OId School stuff.JLMwww.themusingsofthebigredca…

    1. markslater

      multi-sig will go way beyond the transfer of FIAT value – your argument about the transfer of fiat is of course rock-solid – but we need to think about digital multi-sig in an entirely different way – Crypto represents a potential exchange of value at the application layer – not just the packet layer (which for me would be more analogous to what you talk to….)

      1. JLM

        .Freddie’s example was a wire transfer and “mov(ing) funds out of the wallet.”My comment was intended only to show the direct and proximate linkage between that ultra simple action and the legacy means and methods.Part of the allure of the blockchain is its ability to eliminate the middleman and no sooner does it begin to take on those duties than it reverts to middleman, legacy functions.I have always believed that the middleman — WFB, Charles Schwab, USAA — performs a worthy function, amongst which is security, reliability, and having someone to revive the corpse if something dies in the process.JLMwww.themusingsofthebigredca…

  4. jason wright

    the existence of a Coinbase still seems highly antithetical to the basic principle of the space.

    1. LIAD

      that anarchic cypherpunk vibe died a long time ago.for crypto to have any chance of mainstream adoption and success it needs stable, regulated, trusted giants like coinbase to make it happen.the lawless caveat emptor decentralised wild west isn’t a utopia its a nightmare.

      1. jason wright

        what’s lawless about each person taking custody of their own tokens? i don’t see that as anarchic. i see that as empowering.a Coinbase concentrating tokens in one place creates the potential for instability should it be attacked and successfully hacked. may i remind readers that the distributed internet was conceived to prevent ‘the enemy’ from knocking out America’s communications infrastructure with one carefully targeted strike. decentralisation creates resilience. concentration creates vulnerability. a Coinbase is a point of vulnerability.

        1. LIAD

          lawless as in there’s no recourse if your funds are stolen. no central authority to revert the transaction.

        2. David C. Baker

          Jason, I understand your point from an intellectual standpoint, but Coinbase has allowed me–someone with sufficient smarts but not enough in this case–to get me into digital currency w/ enough success that I can now do what you suggest and take the next step w/o them. But they are the auto dealer maintenance shop for everyone who doesn’t want to or understand how to work on their own car.The added layer is purely convenience for people who want it, and I think they perform a great service. I trust them as people, but I do not trust them as a service, however, and so for me they are a middle ground that I am graduating FROM, but tens of thousands of people have graduated TO Coinbase, and it’s been very helpful to them (and me).

          1. jason wright

            yes, and i do see the utility of a Coinbase (and there is a real demand in the market for it and that explains its rapid growth), but i don’t see it as being native to the next stage of the evolution of the space.i would like to see governments coordinate to regulate node operators across all blockchain networks. no anonymous or pseudo anonymous operators. KYN (know your node) and ATL (anti token laundering) protocols.

          2. markslater

            i totally agree – they are taking a rent seeking position to a decentralized outcome…..labels to music

  5. William Mougayar

    Multi-sig can also be applied to unlock business processes and decisions. For example, smart contracts can include multi-sig in their programming logic.

    1. awaldstein

      Good one.Been reading a bunch of white papers and ICO proposals and some of them touch on this. But honestly there seems to be more detail on the investment and funding than on the infrastructure and product.As expected.

    2. markslater

      Multi-sig will be the backbone of private blocks – but will be used in ways far beyond the transfer of FIAT value – a point that JLM – respectfully – misses in his comment…

  6. LE

    This link you gave is great. Very good and clear explanation including examples and various real life scenarios.

  7. LE

    I am not sure I would trust this scheme with any large amount of money.…The weak point appears to be that if you have access to someone’s phone you can move funds or by social engineering the people that get emails or if you don’t have their phone intercepting the SMS (if they don’t use authenticator or you don’t social engineer). They probably should restrict SMS over a certain dollar amount in an account or give a firmer warning of the dangers of that. (I personally think the danger is pretty remote IRL but it is there).So I think over a certain dollar amount (or dollar amount per time period) they need an additional method (which they can charge for) which involves some other form of contact by or with the account holder done in a way that lessens the chance of an issue. [0] Perhaps something as simple as entering a credit card to authorize a charge for a trivial amount. [1] Or maybe requiring a fedex letter in advance of actually setting up a transaction. The fedex letter (or sure could be postal letter) requires a piece of paper that the client stores somewhere and sends in which is only good for X hours. Only if that exists can someone then request a large amount of money to be transferred (with the other methods of authentication not instead of them). So someone needs physical access to that paper in some way.Also multiple approvals are great for an account for a business or maybe for a family. But there has to be a backdoor (what if one family member is away or incapacitated?). And what about personal accounts securing a large amount where you don’t want anyone else involved perhaps because there isn’t anyone that you trust to be involved or know your financial dealings? (And I am not saying there aren’t issues with existing legacy banks either. there are but those have been time tested with billions of transactions (and lessons learned) and this has not.)Also one other potential issue.. The price of bitcoin is volatile. Having this type of friction seems to greatly impact the ability to sell the bitcoin if you spot an opportunity to take a profit.[0] Over a certain transaction size reach out with an actual personal email to the client and make sure you get an answer that matches in some way other communication with the client.[1] We require something like this for certain transactions and transfers and charge for it (it’s actually somewhat of a small profit center).

    1. JamesHRH

      That’s my main issue too.If you have large amounts in play, you have money to spend to insure those large amounts.Blocchain is self defining as a transaction platform for non-valuable things.

      1. JLM

        .Sounds like Houston HRH is pimping for some legacy controls? Turns out some of those regulatory controls and a bit of insurance — typical middleman doodah — may be desirable?JLMwww.themusingsofthebigredca…

        1. LE

          You know there are many things that are simple in concept but by the time we end up adding ‘this and that doodad’ they become very complicated. All the additions have a purpose. [1] Middlemen have a purpose.I am sure you remember growing up as a kid, and maybe having one of those engines that you build that is plastic from a kit. Or maybe you took apart a 2 cycle lawnmower for fun like I did. What makes it work is tremendously simple in concept (like a fax machine or a gun). But as it progresses through time engineers, trying to make it better and more efficient and useful, add all sorts of gadjets and modifications. Until it gets to the point where it’s not simple anymore. (Computer code is like this as well as are a host of things…obviously).So yes we are now getting into the ‘doodad’ phase of things.Ironically who is the ultimate beneficiary of an increase in complexity and doodads? Middlemen. The more complicated something is the more you need a third party to help you navigate it.[1] Just like all tax breaks have a purpose and all laws have a purpose. (Then we end up later on with a complete mess, right?)

          1. JLM

            .Simple is too easy, sometimes. For some people.I have my kitchen — cabinets, et al, being remodeled and repainted. The paint has to be “sprayed” says someone who ranks higher in the chain of command than me.We have a painter who is a miracle worker. He can make an ancient door look like it is brand new. He takes over the garage as his spray booth.Of course, we have to install “slow close” hinges and new pulls (I think they are solid platinum).The painters arrive with a crew of four and a box of sandpaper. They proceed to remove the doors, the hinges, the hardware and then tape off everything and spray paint the boxes, the face frames, the interiors. The doors go into the garage for some more spray work and to hang to dry.Meanwhile, the cabinets are remodeled for bigger farmhouse sink, bigger SubZero refrigerator, new wine cooler, double ovens with microwave/convection/steam features which require more electricity, and a range big enough to cook for a platoon of hungry combat engineers. All that range heat requires a vent strong enough to snatch a toupee off an unwary cook at 1000 CFM and no sound.All of the plumbing has to be redone and we need to add 747 size waste disposals which can reduce fine silver to dust. Three of them and a hot water dispenser with a chilled water mate.All of this work is done by extremely capable craftsmen. My experience building high rise office buildings barely qualifies me to understand the intricacies of undermount sinks with plumbing hardware more expensive than my first car.But, the painter, he has his guys prepare — sand — everything by hand. The hand work is spectacular. I ask him, “Why no orbital sanders?”He says, “They eat sandpaper, they require training, they get lost and stolen. Anybody can hand sand. Orbital sanders cannot tape off the backsplash (hand thrown subway tile with perfect imperfections) and the counter tops (new honed finish Carrara marble).”The implication is he can get a lot of willing hands to sand, but it is a little bit harder to do it with an orbital sander. This mystifies me until I see how much sanding four guys can do in 8 hours and the finished product which is better than new.One of them speaks English and when you go in to inspect, it is like the Queen trooping the guard. They are the most accommodating workmen I have ever met. All of my neighbors want to use them next and they have more work lined up than Harvey in Houston.Their key, secret sauce, is the simplicity of their operation. That and oil based paint, the fumes of which have to be toxic. Oh, yes, and the hand work.There is something to be said for simplicity.JLMwww.themusingsofthebigredca…

          2. LE

            Great story. Reminds me of in my first business how as we added a hundred things that we could produce or sell and then we then had a complete mess of complicated products and processes. As I’ve said before my brain had no issue at all immediately understanding all of it. But the grade of people would could afford to hire (per your story) had a tough time. Obviously. And when we hired new people there were hundreds of things they had to learn vs. just a few. Upside though were had many things we could do and were not just tied to a few (which would have been simple).That business had me in a vice it seems. [1]He says, “They eat sandpaper, they require training, they get lost and stolen. Anybody can hand sand. Orbital sanders cannot tape off the backsplash (hand thrown subway tile with perfect imperfections) and the counter tops (new honed finish Carrara marble).”Funny though marketing wise it’s would be better for your contractor to sell the sizzle as far as why he hand sands vs. simply saying ‘I hire dumb people’. Eh? Sure you might figure out the real reason (as I would easily sift through partly BS) but most people would not. (Third sentence is what he should say in part and not the first two…after all you don’t tell someone you are building the luxury building where the land is cheap or easy to build on, right?)You know STIHL doesn’t say ‘we can’t make our margins selling to big box stores’ they say ‘we are a better product and here is why’.[1] “someone who ranks higher in the chain of command than me.” (sorry to hear that but not the case for me (he brags)…)

          3. markslater

            FWIW i’ve seen both sides of this too. on the good side, their key is that they actually learnt a craft – they likely (in the case of the englishman) went to a school to learn this.i live in south boston – i think its the hottest real-estate market in all of the US. You have irishmen who have learned a craft and do great work – and you have pikeys and speculators that “bang stuff out” the difference is worth every $$ imho.

          4. JLM

            .The “englishman” is a Mexican who speaks English and I am pretty sure he did not go to school to learn to sand or paint. Nonetheless, he is a meticulous craftsman.I didn’t know that S Boston was a hot real estate market. West ATX has homes selling in the $6-800/SF range and I thought that was pretty damn hot. I am renovating this home to sell as I downsize into the empty nest.The Irish are good craftsmen as long as you don’t let them start drinking until quitting time (Brennan, am I on my mother’s side, so a bit of cheeky tongue in cheek).JLMwww.themusingsofthebigredca…

          5. markslater

            ha! and never hire an irish nanny unless you want paul oakenfold on at 2am.I think we are in that range too.

  8. OurielOhayon

    i feel the weak point is not multi sig but 2FA which is at the origin of most theft. the experience provided by most apps is weak in my opinion…a lot has to be invented yet there in terms of best practice. For example what happens when you move to a new phone and your 2fA is tied to Google authenticator?

    1. markslater

      i use it – but am clueless as to its potential weaknesses….

  9. markslater

    20% of 3 comma club 😉