SSP Editorial Team

What is multisig, and why it matters

·7 min read·By SSP Editorial Team
Navy SSP cover with key, shield and lock icons over a dark gradient, opening the Multisig Deep Dive series

If you read the Self-Custody Fundamentals series, you finished it with a working 2-of-2 SSP wallet and your first thousand dollars off the exchange. That series answered why — why custodians fail, why your keys matter, why a checklist beats a perfect plan. This series — Multisig Deep Dive — answers how. Specifically: how the wallet you're already using actually works, and why "multisig" is a much bigger idea than the two-device setup that made yours.

This is article 1 of 7. The next six articles get progressively more technical. This one is the orientation — what multisig is, how it differs from the wallet most people have used, and what it is genuinely good (and not so good) at. If you stop here, you'll still understand the category. If you keep going, the rest of the series fills in the spec underneath.

TL;DR

  • Multisig is short for "multi-signature." A multisig wallet is one where more than one private key has to sign before money can move.
  • The shorthand is m-of-n: you have n total keys, and any m of them have to sign to authorize a transaction. SSP's default is 2-of-2: two keys exist, both must sign.
  • Multisig is not a backup of your seed and not the same as social recovery. It's a different signing model, not a different storage model.
  • It's good at three things: removing single-point-of-failure risk, enforcing joint control, and making certain attack patterns much harder.
  • It does not stop you from being phished, does not replace good seed hygiene, and is overkill if your total exposure is twenty dollars. It starts paying for itself somewhere between "first meaningful balance" and "this is real money to me."

What "multisig" actually means

Every transaction on Bitcoin, Ethereum, or any account-model blockchain has to be signed by a private key before the network will accept it. The address you receive money at is mathematically derived from the public half of that key. The address is a public mailbox; the private key is the only thing that can open it.

A single-signature wallet — what most wallets are by default — has exactly one private key. One key creates the address. One key signs the transaction. Lose the key, lose the money.

A multi-signature wallet has multiple private keys associated with a single address (Bitcoin) or a single smart-contract account (Ethereum and most account-model chains). The address is constructed in a way that the underlying chain understands: "this address requires m of the following n public keys to sign before any output can move."

The notation is m-of-n:

  • 2-of-2 — two keys exist, both must sign. SSP's default. Each signer is a different device.
  • 2-of-3 — three keys exist, any two must sign. Common for personal cold-storage setups: laptop + phone + a recovery device, any two get you in.
  • 3-of-5 — five keys, any three sign. Used by businesses and some inheritance setups.

The chain doesn't care who holds the keys. It cares that the required threshold of signatures arrives before the transaction is accepted. That's it. Multisig is a spend rule, not a piece of software.

How multisig differs from a single-key wallet with a backup seed

This is the most common misconception, so it's worth being precise.

If you have a normal hot wallet — MetaMask, a Phantom wallet, a single-key Bitcoin wallet — and you write down its seed phrase on paper, you have two copies of one key. The seed and the device hold the same secret in different forms. Anyone who finds the seed paper, alone, can drain the wallet. The seed is not a second signer; it's a backup of the first.

A multisig wallet has multiple, independent keys, each with its own seed. To move money you need m of them to both be present and both sign the same transaction. Finding one seed paper is not enough — the thief still doesn't have the other signer, and a 2-of-2 wallet is immobile without it.

This is why multisig changes the security posture of a wallet in a way a backup seed doesn't. A backup seed protects you against losing access. Multisig protects you against an attacker gaining access. They're orthogonal — and a serious self-custody setup eventually wants both.

If you want the mechanics worked through for SSP specifically, What is 2-of-2 multisig? is the existing post this whole series sits next to. Read it after this one — it's the deepest dive on the specific setup you're already using.

The three things multisig is genuinely good at

1. No single point of failure. Lose one device, get phished on one device, accidentally type one seed into a malicious form — none of those, on their own, drain a properly configured multisig wallet. The attacker (or your own bad day) has to compromise enough keys to clear the threshold. That isn't impossible, but it stops the single-mistake scenarios that drain most retail wallets.

2. Enforceable joint control. If two people each hold one key in a 2-of-2, neither can spend without the other. The chain enforces this. No trust required, no contract needed, no escrow service. The blockchain itself becomes the arbitrator of the spending rule. This is the property businesses, partnerships, and family setups care about.

3. Asymmetric attack difficulty. A single-key wallet has one secret to steal. A 2-of-2 multisig has two, in different places, on different devices, with different attack surfaces (a browser extension and a phone, in SSP's case). An attacker who has built malware for one platform has to build a separate, coordinated attack for the other. That's a much harder operation than scraping seeds off a single compromised machine.

What multisig is not

It's not magic. Some specific things it does not do:

  • It doesn't protect against social engineering. If you're tricked into signing a malicious transaction on both devices, multisig signs that transaction. The chain has no idea you were tricked.
  • It's not social recovery. Social recovery (Argent, Safe's guardians) is a smart-contract pattern where trusted people can help you recover a single-key wallet. Multisig is a spending rule on every transaction. We'll do a full article on the difference later in the series.
  • It's not the same as MPC. Multi-party computation wallets (Fireblocks, Coinbase MPC, some institutional products) split a single key into shares using cryptography. From the chain's perspective there is still one signature. Multisig is the opposite: multiple distinct keys, multiple distinct signatures, all visible on chain.
  • It doesn't replace good seed phrase practice. You still have to back up each signer's seed. The seed is still the recovery path. Multisig protects spending; it doesn't reinvent storage.

When you actually want it

A useful mental model: multisig pays for the friction it adds when your exposure crosses the line where a single-key mistake stops being recoverable from your normal monthly income.

For most people, that means:

  • Under ~$100: Single-key hot wallet is fine. The friction of multisig outweighs the protected value.
  • $100 to ~$10,000: A 2-of-2 setup like SSP starts to make sense. Two devices isn't burdensome; the protection against single-device compromise is meaningful.
  • $10,000+ or business funds: Multisig is more or less the default professional setup. The exact m-of-n depends on whether you're one person or several, geographically distributed or not, planning for inheritance or not. Article 2 of this series covers those choices.

The framework Not your keys, not your coins, explained sets up why you'd self-custody in the first place. This article and the next answer which kind of self-custody, once you've decided to.

What this means for you

Three takeaways to carry into the rest of the series:

  1. Multisig is a spend rule, not a piece of software. Any wallet that implements the m-of-n contract is a multisig wallet; the difference between them is UX and which chains they support.
  2. It's complementary to seed backups, not a substitute. You need both: backups to handle loss, multisig to handle theft.
  3. It scales with your stack. The exact m-of-n you want depends on who's involved and how much is at stake. The next article, 2-of-2 vs 2-of-3 vs m-of-n multisig, walks through the practical choice for personal, joint, and corporate setups. If you finished the Self-Custody Fundamentals first-1000 checklist, 2-of-2 was the default — but it isn't the only option, and the next post is where you decide whether to stay there.

For a quick refresher on the specific SSP implementation that this series surrounds — two devices, browser extension + mobile app, single-signer UX — start with Meet SSP Wallet. Everything in this series uses that setup as the running example.

Share this article

Related articles

Navy SSP cover with shield, key, eye-off and CPU icons on a dark gradient, the failure-modes chapter of Multisig Deep Dive

Multisig failure modes and how SSP mitigates them

Five multisig failure modes: lost device, lost seed, key compromise, server outage, total destruction — and the recovery path for each in SSP.

10 min read
Navy SSP cover with key, lightning and shield icons on a dark gradient, the single-signer UX chapter of Multisig Deep Dive

Single-signer multisig: how SSP makes two devices feel like one wallet

How SSP collapses 2-of-2 multisig into single-signer UX, what is hidden, where it breaks, and why the friction you see is the security.

9 min read
Navy SSP cover with key, shield, fingerprint and lock icons on a dark gradient, the social-recovery comparison chapter of Multisig Deep Dive

Social recovery vs multisig: two answers to losing a key

Multisig protects against theft; social recovery protects against loss. Side-by-side comparison of when each wins for solo, joint and team setups.

8 min read