Bitcoin Multisig: How 2-of-3 Self-Custody Works (And When You Need It)

Single-key Bitcoin custody has a fundamental problem: any single point of failure — lost seed phrase, device theft, house fire, compromised backup location — can mean total loss.

Multisig solves this. With a 2-of-3 multisig setup, your bitcoin requires signatures from any 2 of 3 keys to move. You can lose one key entirely and still recover your funds. An attacker who steals one key gets nothing.

This is the gold standard for securing significant bitcoin holdings. It’s also genuinely more complex than single-key custody. This guide explains what multisig is, how it works, when you need it, and how to actually set it up.

What Multisig Actually Means

In standard Bitcoin custody, one private key controls one address. Sign with that key, funds move.

In multisig, funds are locked to a script that requires M-of-N signatures to unlock — any M keys from a predefined set of N.

Common configurations:

  • 2-of-3: Any 2 of 3 keys must sign. Loss of 1 key = recoverable. Theft of 1 key = useless to attacker.
  • 3-of-5: Any 3 of 5 keys must sign. More redundancy, more complexity.
  • 2-of-2: Both keys required. No redundancy — losing one key loses everything.

2-of-3 is the standard recommendation for most individuals securing serious holdings. It balances security (no single point of attack) with recovery (no single point of failure).

Why Single-Key Custody Has Limits

A lot of good guidance in the Bitcoin community focuses on seed phrase backup — write it down, make multiple copies, store them in separate places.

This is right, but it creates a problem: if you have multiple copies of your seed phrase in different locations, each copy is a single point of attack. An attacker who finds any one copy gets everything.

You’re managing a tradeoff: redundancy (multiple copies) vs. attack surface (each copy is a target).

Multisig restructures this tradeoff. Instead of multiple copies of one key, you have multiple distinct keys, each stored independently. An attacker needs to compromise multiple locations to steal your funds.

The Single-Key Attack Scenarios

Scenario 1: You store one seed phrase in one location. House fire → funds gone. Theft → funds gone.

Scenario 2: You store three copies in different locations. More resilient, but each location is a target. If any one is compromised, you’re exposed.

The 2-of-3 Multisig Scenarios

Scenario 1: One location compromised. Attacker has one key. Needs two to spend. Your funds are safe.

Scenario 2: One key lost. Two keys remain. You can spend and move funds to a new wallet.

Scenario 3: Two locations compromised. Attacker has two keys and can spend. This is why key separation and geographic distribution matter.

Multisig doesn’t eliminate risk — it restructures it. The threat model becomes “compromising multiple geographically separate, independently stored keys simultaneously” instead of “finding one backup.”

The Wallet Descriptor: The Critical Detail Most Guides Skip

There’s something multisig guides often underemphasize: you need to back up more than just the three seed phrases.

To spend from a multisig address, Bitcoin needs to verify that the spending keys match the policy that locked the funds. This policy is encoded in a wallet descriptor (also called an output descriptor) — a string that specifies which keys in what configuration control the address.

If you lose the wallet descriptor, you can’t spend — even with all three seed phrases in hand.

What you must back up in a 2-of-3 setup:

  1. All three seed phrases (each stored separately)
  2. The full wallet descriptor (can be stored with each key, since it’s not enough to spend on its own)

Sparrow Wallet makes exporting the descriptor easy (Wallet > Export). Store this document physically with each of your keys, and consider a digital backup (it’s safe to store digitally since it can’t spend without keys).

Tools for Bitcoin Multisig

Sparrow Wallet (Coordinator)

Sparrow Wallet is the best desktop Bitcoin wallet for multisig. It handles:

  • Creating the multisig wallet from your devices’ xpubs
  • Building and displaying transactions for signing
  • Importing PSBTs (Partially Signed Bitcoin Transactions) from signing devices
  • Broadcasting finalized transactions to the network

Sparrow runs on Mac, Windows, and Linux. It’s open source and actively maintained.

Signing Devices

For a 2-of-3 setup, you need three signing devices. Options:

Three Coldcard Mk4s — The reference implementation. All three operate air-gapped. Maximum security.

Two Coldcards + One Trezor Safe 3 — Good setup. Geographic key diversity (different hardware manufacturer for one key).

Coldcard + Foundation Passport + Trezor — Three different manufacturers. Diversity reduces supply chain risk.

Software key (SeedSigner, Specter DIY, or even Electrum) — Can work but reduces security. Only appropriate if one of your three keys is intended to be a relatively accessible “convenience key.”

I’d recommend at minimum two hardware wallets from two different manufacturers. Using three devices from the same manufacturer creates single-vendor risk.

Step-by-Step: Setting Up 2-of-3 in Sparrow

This is a high-level overview. Sparrow’s documentation at sparrowwallet.com has detailed screenshots for each step.

Phase 1: Prepare the signing devices

  1. Set up each hardware wallet independently following that device’s setup guide
  2. Generate a fresh seed on each device — do not reuse seeds
  3. Back up each seed phrase separately, each stored in its own location

Phase 2: Export xpubs from each device

Each signing device generates an extended public key (xpub) that lets Sparrow build the multisig wallet without exposing private keys.

For Coldcard: Advanced > Wallet > Export Wallet > Generic JSON (saves to microSD) For Trezor: Connect to Sparrow, and Sparrow will request the xpub directly

Phase 3: Create the multisig wallet in Sparrow

  1. Open Sparrow Wallet
  2. File > New Wallet
  3. Name your wallet
  4. Select “Multi Signature” as the policy type
  5. Set M (required signatures) to 2, N (total keys) to 3
  6. Import each device’s xpub (by connecting the device or importing the exported file)
  7. Sparrow will generate the first wallet address — verify it on each signing device

Verify the receive address on each device. If the address on your Coldcard matches the address on your Trezor matches the address Sparrow shows — you’ve set up the multisig correctly.

Phase 4: Export and store the wallet descriptor

  1. In Sparrow: Wallet > Export
  2. Save the descriptor file (the format includes the xpubs and the 2-of-3 policy)
  3. Print or write this information physically
  4. Store a copy with each seed phrase backup

Phase 5: Test with a small amount

Send a small test amount (0.0001 BTC or similar) to your multisig address. Then:

  1. Create an outgoing transaction in Sparrow
  2. Export the unsigned PSBT
  3. Sign it on device 1 (one signature)
  4. The PSBT is now partially signed — import it back to Sparrow
  5. Export and sign on device 2 (second signature — threshold met)
  6. Import the fully signed PSBT to Sparrow and broadcast

Watch the transaction confirm in Sparrow. If it confirms successfully, your multisig is working.

Key Storage Strategy

With three separate seeds plus a wallet descriptor, you need a storage strategy. Here’s a practical approach:

Location A (Home)

  • Seed #1 (metal backup preferred)
  • Wallet descriptor copy
  • Hardware device #1 (optional — devices don’t need to be stored with their seeds)

Location B (Off-site — trusted family, safe deposit box)

  • Seed #2 (metal backup preferred)
  • Wallet descriptor copy

Location C (Off-site — different location from B)

  • Seed #3
  • Wallet descriptor copy

Key principles:

  • Any single location being compromised should not be enough to steal funds (only one seed per location)
  • Any single location being destroyed should not prevent recovery (seeds at two other locations + descriptor means you can spend with remaining two keys)
  • The wallet descriptor alone can’t spend funds, so it’s safer to distribute liberally

Signing a Transaction in Practice

Once set up, spending from multisig is straightforward but involves more steps than single-key:

  1. Create the transaction in Sparrow (enter recipient address, amount)
  2. Sparrow creates an unsigned PSBT
  3. Sign on device 1 (via USB connection or microSD/NFC for air-gapped devices)
  4. Return the partially-signed PSBT to Sparrow
  5. Sign on device 2
  6. Sparrow now has a fully-signed transaction — broadcast it

For routine transactions, this process takes about 10 minutes. It’s slower than single-key signing, but you only need two of your three devices available — you can keep one in a separate location and never bring it out for routine use.

When Does Multisig Make Sense?

Consider multisig when:

  • You’re holding more than $100,000 in bitcoin
  • You’ve been self-custodying for at least a year and understand the basics
  • You want to eliminate single points of failure in your security model
  • You’re thinking seriously about inheritance (multisig with a lawyer-held key is a real strategy)

Don’t rush into multisig if:

  • You’re new to self-custody — master single-key first
  • You haven’t thought through key storage (multisig with poorly stored keys is worse than single-key with well-stored keys)
  • You’re not ready to maintain three separate backup locations

The additional complexity of multisig creates its own failure modes. The most common multisig failure isn’t an attacker — it’s the owner losing a key and the wallet descriptor and being unable to recover.

Do single-key well first. Graduate to multisig when the value justifies the complexity.

Inheritance Considerations

Multisig enables some interesting inheritance strategies that single-key doesn’t.

Attorney-held key: You hold two keys, your attorney holds one. In the event of your death or incapacity, your estate executor can work with your attorney and one of your keys to recover funds. Your attorney’s key alone is useless.

Trusted person key: Hold two keys, a trusted family member holds one. They can’t spend without you. You can recover without them. Together, you could act in an emergency.

Document your multisig setup — wallet descriptor, key locations, how to use Sparrow — in a sealed letter to your estate executor. Not your seed phrases (they shouldn’t have unilateral access), but clear instructions on what exists and how to get professional help.

Summary

Multisig is the security model for serious Bitcoin self-custody:

  • 2-of-3 requires any 2 of 3 keys to spend
  • Losing one key doesn’t lose your funds
  • An attacker stealing one key gets nothing
  • The wallet descriptor must be backed up alongside the seeds
  • Sparrow Wallet + Coldcard is the reference implementation
  • Test everything with small amounts before moving significant holdings

It’s more work than single-key. For the amounts that justify it, it’s worth it.

If you’re setting up multisig for the first time, our Coldcard Mk4 review covers the signing device most commonly used in advanced multisig setups.