Multisig 2-of-3: Complete Tutorial to Secure Your Bitcoin

Table of Contents

1. Introduction
2. Understanding Multisig
3. Choosing the Architecture
4. Choosing the Coordinator
5. Step-by-Step Configuration
6. Signing a Transaction
7. Backup and Recovery
8. Geographic Distribution
9. Special Cases
10. FAQ
11. Summary Table
12. Conclusion
13. Internal Links
14. Sources and Resources

Suggested URL: /security/multisig-2-of-3-bitcoin-complete-security-tutorial

Category: Technical Security Tutorials

Summary: Advanced guide to setting up a Bitcoin 2-of-3 multisignature wallet. The ultimate solution to protect your wealth against loss, theft, and seizure risks.

Introduction

Eliminate the single point of failure to protect your Bitcoin wealth

In the Bitcoin world, security rests on a fundamental principle: whoever controls the private keys controls the bitcoins. This reality creates a dilemma: how do you protect a single private key against theft without creating a risk of total loss if that key disappears?

The technical answer has existed since Bitcoin's inception: multisig (multi-signature). Instead of depending on a single private key, a multisig wallet requires multiple signatures to authorize a transaction. In a 2-of-3 configuration, three keys exist, but only two are needed to sign.

This architecture eliminates two major risks:

• If a key is stolen, the thief cannot do anything without a second key
• If a key is lost, the remaining two allow recovery of the funds

Multisig is the preferred solution for protecting significant crypto wealth, organizing asset succession, or managing corporate funds. This tutorial will guide you step by step through setting up a robust 2-of-3 configuration.

1. Understanding Multisig

Discover how multiple keys can protect a single Bitcoin wallet

1.1 What is multi-signature?

In Bitcoin, every transaction must be signed by the owner's private key to be valid. It is the digital equivalent of a handwritten signature on a check.

Multisig changes this logic: instead of a single signature, the Bitcoin address is created to require M signatures among N possible keys. This is called an M-of-N configuration.

Examples of configurations:

1.2 Why the 2-of-3 ratio?

The 2-of-3 configuration represents the sweet spot for most individual use cases:

Advantages:

1. Loss tolerance: You can lose one key and still retain access to your funds
2. Theft resistance: An attacker must compromise two keys, not just one
3. Geographic flexibility: Three storage locations offer numerous combinations
4. Relative simplicity: Easier to manage than 3-of-5 while remaining robust

Comparison with alternatives:

1.3 Use Cases

Significant personal wealth

For any holder with more than 50,000 EUR in Bitcoin, multisig becomes self-evident. The added complexity is far outweighed by peace of mind. A single point of failure is no longer acceptable at this level of exposure.

Succession planning

Multisig allows you to involve trusted third parties in the transmission of your assets:

• You hold 2 keys
• Your notary or a trusted third party holds the 3rd
• In the event of death, your heirs + the notary can access the funds

Corporate management

For a company holding Bitcoin:

• The CFO has one key
• The CEO has one key
• The backup key is in a safe
• No single person can move the funds

Protection against seizure

In an increasingly strict regulatory environment, geographically distributed multisig makes any seizure extremely difficult:

• Key 1 in France
• Key 2 in Switzerland
• Key 3 in Portugal

No single jurisdiction can compel access to 2 keys simultaneously.

2. Choosing the Architecture

Select the right devices to diversify your security risks

2.1 Option A: Three different hardware wallets (recommended)

The most robust configuration uses three hardware wallets from different manufacturers:

Why this diversification?

1. Vulnerability risk: If a flaw is discovered in one device, the other two are unaffected
2. Jurisdictional risk: Manufacturers from different countries (Canada, Czech Republic, DIY)
3. Supply chain risk: Three distinct supply chains

Investment: Coldcard (~150 EUR) + Trezor (~220 EUR) + SeedSigner (~50 EUR) = ~420 EUR for maximum security.

2.2 Option B: Two hardware wallets + a paper backup

A less expensive but less secure alternative:

Limitations of this approach:

• The paper seed cannot verify destination addresses
• Risk of "blind" signing if the coordinator software is compromised
• Less protection against sophisticated attacks

2.3 Manufacturer considerations

Recommendation: Avoid using three devices from the same manufacturer. Diversification is key.

3. Choosing the Coordinator

Choose the software that will orchestrate your multiple keys with full transparency

The "coordinator" is the software that orchestrates the keys, creates transactions to be signed, and collects signatures. It is a crucial component of the setup.

3.1 Sparrow Wallet (recommended)

Why Sparrow?

Installation:

1. Download from sparrowwallet.com
2. Verify the GPG signature
3. Install on a dedicated computer if possible

3.2 Specter Desktop

A solid alternative to Sparrow, particularly suited for Bitcoin Core users:

• Clean interface
• Excellent integration with Bitcoin Core
• Native multisig support

3.3 Electrum

The historic Bitcoin wallet supports multisig but with some limitations:

• Less intuitive interface for multisig
• More technical configuration
• Limited air-gapped support

3.4 Security considerations

WARNING: The coordinator sees addresses and amounts, but does not control the keys. However, a compromised coordinator could:

• Display fake receiving addresses
• Create transactions to an attacker

This is why verifying every address on the hardware wallets before sending funds is critical.

4. Step-by-Step Configuration

Assemble your cryptographic fortress by following this methodical protocol

4.1 Process overview

+---------------+    +---------------+    +---------------+
|   Coldcard    |    |    Trezor     |    |  SeedSigner   |
|    (Key 1)    |    |    (Key 2)    |    |    (Key 3)    |
+-------+-------+    +-------+-------+    +-------+-------+
        |                     |                     |
        |   Export xpub       |   Export xpub       |   Export xpub
        v                     v                     v
+-----------------------------------------------------+
|                   SPARROW WALLET                     |
|             (Multisig Coordinator)                   |
|   Combines 3 xpubs -> Generates 2-of-3 addresses    |
+-----------------------------------------------------+

4.2 Step 1: Key generation on each device

Each hardware wallet must generate an independent seed phrase.

On the Coldcard:

1. Power on the device, select "New Wallet"
2. Choose 24 words (more secure than 12)
3. Optional: add a passphrase (25th word)
4. Record the seed phrase on a metal plate
5. Verify by re-entering a few words

On the Trezor:

1. Follow the setup wizard
2. Generate a new 24-word seed
3. Record on a permanent medium
4. Set a robust PIN

On the SeedSigner:

1. Select "New Seed" -> "Dice Entropy" (recommended)
2. Roll the dice 99 times for 24 words
3. Write down the generated seed phrase
4. The SeedSigner stores nothing -- the seed disappears when powered off

CRITICAL: Each seed must be generated offline, on the device itself. Never generate a seed on an internet-connected computer.

4.3 Step 2: Exporting the xpubs

The xpub (extended public key) allows the coordinator to generate all receiving addresses without knowing the private keys.

On the Coldcard:

1. Advanced -> Export Wallet -> Generic JSON
2. Select "Multisig" and the appropriate script format (Native SegWit recommended: P2WSH)
3. Export to SD card

On the Trezor:

1. Connect the Trezor to the computer
2. In Sparrow, select "New Wallet" -> "Air-gapped Hardware Wallet" -> "Trezor"
3. Follow the instructions to export the xpub

On the SeedSigner:

1. Enter your seed phrase
2. Select "Export Xpub"
3. Choose "Multisig" and the script type
4. A QR code is displayed -- scan it from Sparrow

4.4 Step 3: Creating the multisig wallet in Sparrow

1. New wallet: File -> New Wallet
2. Name it: e.g., "Bitcoin-Multisig-2of3"
3. Policy type: Multi Signature
4. Cosigners: 3
5. Threshold: 2 (signatures required)
6. Script Type: Native SegWit (P2WSH) recommended

Adding the keystores:

For each signer:

1. Click on "Keystore 1", then "Air-gapped Hardware Wallet"
2. Select the device type (Coldcard/Trezor/SeedSigner)
3. Scan the QR code or import the JSON file
4. Verify the fingerprint (unique key identifier)

Once all 3 keystores are imported:

1. Click "Apply"
2. Sparrow generates the multisig wallet
3. The first receiving addresses appear

4.5 Step 4: Address verification

This step is CRITICAL for security.

Each hardware wallet must be able to display the multisig wallet's addresses to verify they match.

On the Coldcard:

1. Settings -> Multisig Wallets -> Import via SD
2. Import the wallet configuration file
3. Navigate to "Address Explorer"
4. Verify that the displayed addresses match Sparrow

On the Trezor:

1. In Sparrow, click on an address
2. Select "Display on Trezor"
3. Verify that the address shown on the Trezor matches

On the SeedSigner:

1. Enter the seed
2. Load the multisig wallet via QR code
3. Verify the addresses

SECURITY ALERT: If the addresses do not match between Sparrow and a hardware wallet, STOP IMMEDIATELY. The coordinator may be compromised.

4.6 Step 5: Test with a small amount

Before transferring significant amounts:

1. Send a small amount (e.g., 0.0001 BTC) to an address in the multisig wallet
2. Wait for confirmation
3. Perform a test transaction to another address you control
4. Verify the full signing workflow (Section 5)

Only after this successful test, transfer larger amounts.

5. Signing a Transaction

Master the collaborative signing workflow across your different devices

5.1 Creating the transaction in Sparrow

1. "Send" tab
2. Enter the destination address
3. Enter the amount
4. Adjust the fees (choose the appropriate priority)
5. Click "Create Transaction"

Sparrow creates a PSBT (Partially Signed Bitcoin Transaction) -- an unsigned transaction, ready to collect signatures.

5.2 First signature (Device 1 - Coldcard)

Via SD card (air-gapped):

1. In Sparrow, click "Save PSBT"
2. Save to the SD card
3. Insert the card into the Coldcard
4. Ready To Sign -> select the PSBT file
5. Verify: address, amount, fees
6. Confirm the signature
7. The Coldcard creates a new partially signed PSBT file

5.3 Transferring the PSBT

The partially signed PSBT must now be brought to the second signer.

Transfer options:

For maximum security, use the SD card or QR codes.

5.4 Second signature (Device 2 - Trezor)

1. In Sparrow, load the partially signed PSBT (File -> Load PSBT or Scan QR)
2. The transaction shows "1 of 2 signatures"
3. Connect the Trezor or present the QR to the SeedSigner
4. Click "Sign" for the second keystore
5. Verify on the hardware wallet's screen: address, amount, fees
6. Confirm the signature
7. The PSBT is now fully signed ("2 of 2 signatures")

5.5 Broadcast

1. Sparrow displays "Transaction fully signed"
2. Click "Broadcast Transaction"
3. The transaction is sent to the Bitcoin network
4. Wait for confirmations

5.6 Complete flow diagram

+---------------+
|    SPARROW    |  1. Create PSBT (unsigned)
+-------+-------+
        |
        v  Export PSBT (SD/QR)
+---------------+
|   COLDCARD    |  2. Verify + Sign (1/2)
|    (Key 1)    |
+-------+-------+
        |
        v  Export partially signed PSBT
+---------------+
|    TREZOR     |  3. Verify + Sign (2/2)
|    (Key 2)    |
+-------+-------+
        |
        v  Fully signed PSBT
+---------------+
|    SPARROW    |  4. Broadcast to the network
+---------------+

6. Backup and Recovery

Organize your backups to guarantee recovery without compromising security

6.1 What to back up

6.2 Backing up the seeds

Each seed phrase must be:

1. Engraved on metal (fire, water, and time resistant)
2. Stored separately (3 different locations)
3. Physically protected (safe, hidden spot, trusted third party)

GOLDEN RULE: The 3 seeds must never be in the same place. If someone gains access to 2 seeds, your bitcoins are compromised.

6.3 The wallet configuration file

The configuration file contains the information needed to reconstruct the multisig wallet:

• The 3 xpubs (extended public keys)
• The script type (P2WSH, etc.)
• The derivation path
• The threshold (2-of-3)

This file does NOT contain the private keys -- it is therefore less sensitive than the seeds, but still important.

Recommended backup:

1. Export from Sparrow: File -> Export Wallet -> Output Descriptor
2. Print on paper and/or engrave on metal
3. Store with at least one of the seeds (not all 3 together)

6.4 Full recovery procedure

In case of loss of access to Sparrow or a computer:

Step 1: Install a new coordinator

• Download and verify Sparrow on a new computer

Step 2: Restore the hardware wallets

• Restore each hardware wallet with its seed phrase
• If a device is lost, you only need 2 out of 3

Step 3: Recreate the multisig wallet

• Import the wallet configuration file
• OR export the xpubs from each restored device and recreate the wallet

Step 4: Verify

• Make sure the addresses match previous records
• Check the balance

Periodic testing: Simulate a recovery every 6-12 months to ensure your backups are functional.

7. Geographic Distribution

Distribute your keys intelligently to withstand theft and disasters

7.1 Basic principles

Geographic distribution of keys protects against:

• Local theft: A burglar finds only one key
• Natural disasters: Fire, flood
• Legal seizure: No single jurisdiction has access to 2 keys

7.2 Storage strategies

7.3 Recommended configuration matrix

Cautious configuration (wealth < 100k EUR):

Reinforced configuration (wealth > 100k EUR):

7.4 Practical considerations

Access frequency:

• If you make regular transactions, keep 2 keys accessible
• If it is long-term storage, maximum dispersion is preferable

Documentation:

• Record the locations of each key in a separate encrypted document
• Communicate the necessary information to your heirs (Section 8.1)

8. Special Cases

Adapt your multisig configuration to specific succession and corporate scenarios

8.1 Succession: Instruction letter

Multisig complicates asset transmission in the event of death. Prepare an instruction letter:

Contents of the letter:

1. Explanation of multisig: What a 2-of-3 wallet is, why you chose it

2. Location of the keys:

   • "Key 1 (Coldcard) is in the safe in my office. The code is..."
   • "Key 2 (seed on metal) is in the bank safe deposit box at..."
   • "Key 3 is held by..."

3. Recovery procedure:

   • "Download Sparrow Wallet from..."
   • "Restore the devices with the seeds..."
   • "Import the attached configuration file..."

4. Technical contacts:

   • Name of a trusted technician who can help
   • Links to tutorials

Storing the letter:

• With the notary (sealed)
• In a bank safe deposit box (with one of the keys)
• Encrypted version with a close relative

WARNING: The letter should enable recovery but not be sufficient on its own to access the funds. The seeds remain the critical elements.

8.2 Corporate: Governance and key rotation

For corporate use:

Recommended governance:

Key rotation:

When a key holder leaves the company:

1. Create a new key (new hardware wallet)
2. Create a new multisig wallet including the new key
3. Transfer all funds to the new wallet
4. Destroy the old key (hardware wallet reset)

Documented procedures:

• Key access log
• Policy signed by key holders
• Periodic configuration audits

8.3 Scaling up: From 2-of-3 to 3-of-5

If your wealth grows significantly, you can migrate to a more robust configuration:

When to move to 3-of-5?

• Wealth > 500k EUR
• Need to involve more parties (board of directors, trustees)
• Distribution across more than 3 jurisdictions

Migration procedure:

1. Create the new 3-of-5 wallet with 5 keys
2. Gradually transfer funds
3. Verify the operation with small amounts first
4. Once everything is migrated, old keys can be reused or destroyed

FAQ

Q1: What happens if I lose 2 keys out of 3?

Your bitcoins are permanently lost. This is the price of security: the system protects against the compromise of one key, but 2 lost keys make the funds irrecoverable. This underscores the critical importance of metal backups and geographic distribution.

Q2: Can an attacker guess my multisig configuration?

No. Multisig uses distinct addresses that only reveal their nature at the time of spending. An external observer simply sees a normal Bitcoin address. The 2-of-3 structure only becomes visible during the spending transaction.

Q3: Can I use the same passphrase on all 3 hardware wallets?

Not recommended. If you use passphrases (25th word), use different passphrases for each key. Otherwise, compromising the passphrase would compromise all 3 keys if the seeds are also stolen.

Q4: Does multisig work with Lightning Network?

Partially. Standard Lightning channels do not directly support on-chain multisig. Advanced solutions exist but are more complex. For Lightning, a single-sig setup with a Coldcard or a dedicated node remains more practical.

Q5: How long does it take to sign a transaction?

With practice, 5-10 minutes for a standard transaction:

• 1-2 min: Creation in Sparrow
• 2-3 min: First signature (export, verification, signing)
• 2-3 min: Second signature
• 1 min: Broadcast

This is longer than single-sig, but acceptable for high-value transactions.

Summary Table

Find all key recommendations for your setup at a glance

Conclusion

Multisig is not paranoia -- it is prudence in the face of what is at stake

Multisig 2-of-3 represents the pinnacle of Bitcoin security for significant holders. By eliminating the single point of failure, you protect your wealth against theft, accidental loss, and seizure.

The added complexity is real but manageable. With practice, the signing workflow becomes routine. And that routine is the modest price to pay for total peace of mind.

Actions to take now:

1. Assess your exposure: Is multisig appropriate for your situation?
2. Acquire the necessary hardware wallets (diversify manufacturers)
3. Follow this tutorial step by step, starting with small amounts
4. Document your configuration for succession purposes
5. Periodically test the recovery process

Internal Links

Deepen your mastery of Bitcoin security with these complementary tutorials

• Coldcard Air-Gapped Guide -- Detailed Coldcard configuration
• Build Your Own SeedSigner -- DIY hardware wallet
• Verify the Firmware -- Device security
• The Passphrase (25th Word) -- Additional security layer
• DAC8 and Information Exchange -- Why sovereignty is crucial

Related Articles -- Technical Security

• Verify Hardware Wallet Firmware
• SeedSigner DIY Complete Tutorial
• Passphrase 25th Word Bitcoin
• Coldcard Air-Gapped Bitcoin Guide

Sources and Resources

Official documentation

• Bitcoin BIP-0011: Original multisig specification
• Sparrow Wallet: sparrowwallet.com/docs
• Coldcard Multisig Guide: coldcard.com/docs/multisig

Further reading

• Bitcoin Multisig Guide: bitcoiner.guide/multisig
• Glacier Protocol: Advanced storage protocol
• 10x Security Bitcoin Guide: btcguide.github.io

Tools

• Sparrow Wallet: sparrowwallet.com
• Specter Desktop: specter.solutions
• Caravan: Unchained Capital multisig tool (caravan.unchained.com)

Article written in December 2025. Hardware and software recommendations may evolve. Always test with small amounts before transferring significant funds.