
I've read quite a few of the threads on SN around this topic and while many seem to favor singlesig I still can see some benefits of multisig that may make it worthwhile. The main benefits to me revolve around mitigating software/firmware/hardware bugs, an upstream supply chain attack, or a bad random-number generator.
If I were to use a single sig electrum wallet or one HWW, any of those issues I mentioned could be devastating. Those issues may already exist in particular hardware/software or may not have been discovered yet. But if I use a 2/3 setup, an attacker would need two of my HWW to have an issue and exploit them together to move funds. That seems like a substantial upgrade in security.
Everything is trade-offs of course and I love the simplicity of single sig, but I find it hard to put all my faith in one HWW (even a coldcard) and hope that it was not tampered with on the way to me or could not have a malicious firmware update in the future...
I think Michael Flaxman made a pretty good argument here: https://btcguide.github.io/why-multisig
He explains in much more detail in this podcast episode: https://stephanlivera.com/episode/97/
If you are storing any significant amount of BTC, you really need to be using multi-sig. Even if you hold all the parts, it's still going to provide more security, at the cost of convenience, than a single-sig. Multi-sig can also help prepare you against things like natural disaster, your own death (for passing on to heirs), etc.
You can't reasonably store a backup of your single-sig anywhere with any party without completely trusting that party. You can reasonably store a part of a multi-sig with another party without needing to trust them completely or really even at all.
Likewise, if you're the "bury your Bitcoin seed in the woods" type, if somebody finds your stash? They found your bitcoin. If they found 1/3rd of your stash? Good luck finding the rest.
reply
Eliminate single points-of-failure, test redundancies.
reply
10 sats \ 1 reply \ @hugomofn 7h
Multisig is great, and UX is quickly improving!
Check out Taproot-based multisig wallets, which we just launched a few hours ago on Nunchuk (currently a beta feature): https://nunchuk.io/blog/taproot-multisig
It leverages Schnorr signatures and MuSig2 protocol to enhance privacy (i.e. Taproot multisig transactions look indistinguishable from singlesig transactions on-chain) and lower transaction fees.
10 sats \ 0 replies \ @Aardvark 18h
I don't have a ton of bitcoin but enough that I'd be pretty upset if I lost it all. I'm in the process of switching to multisig myself.
reply
0 sats \ 0 replies \ @Miranda 5h
Multisig wallets offer a number of advantages that make them attractive for a variety of scenarios, some of which are listed below:
Increased security: By requiring authorization from multiple parties, the risk of theft or loss of funds is significantly reduced.
Shared management: Ideal for teams, organizations or families wishing to manage funds jointly.
Error prevention: The need for multiple signatures reduces the possibility of human error in transactions.
I consider a multisig wallet to be a powerful tool for those seeking greater security and control in their cryptocurrency transactions. Its ability to require approval from multiple parties offers an additional layer of protection and flexibility.
reply
0 sats \ 4 replies \ @joda 16h
Air-gapped hardware wallet with a passphrase mitigates all attack vectors you mentioned.
reply
So let's imagine your device has malicious firmware (either malicious from HWW devs or from supply chain attack or evil maid). It has been modified so all spends go to an address they control even though the display on the HWW shows that it will be directed to the address you provided.
How does the fact that it is air gapped prevent this?
reply
0 sats \ 1 reply \ @joda 12h
Because you don't broadcast a transaction from a hardware signing device.
You take the signed transaction and just look at it on any computer and you'll see the addresses. If it's not one you control, don't broadcast and stop trusting that particular signing device.
You should always check your transaction before broadcasting anyway, even if you're using multisig.
No offense intended at all, but if you don't know this already, you may be more likely to make a mistake with your multisig setup. Please make sure you understand the risks and best practices.
By far the biggest causes of lost funds are user error and scams. I understand completely the desire to be as cautious as possible, and multisig has uses, but I think you might be overestimating the threat of malicious hardware signing devices.
reply
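The pre-broadcast check described in the comment above, as an added example that is not part of the original thread: it parses a signed raw transaction and flags any output whose script or amount differs from what you intended. The sample transaction and the `DEST`, `CHANGE` and `ROGUE` scripts are constructed placeholders, and outputs are compared as scriptPubKey hex rather than decoded addresses.

```python
def _varint(buf, pos):
    """Read a Bitcoin CompactSize integer; return (value, new_pos)."""
    first = buf[pos]
    if first < 0xfd:
        return first, pos + 1
    size = {0xfd: 2, 0xfe: 4, 0xff: 8}[first]
    return int.from_bytes(buf[pos + 1:pos + 1 + size], "little"), pos + 1 + size

def tx_outputs(raw_hex):
    """Return [(value_sats, scriptPubKey_hex), ...] from a serialized transaction."""
    buf = bytes.fromhex(raw_hex)
    pos = 4                                        # skip 4-byte version
    if buf[pos] == 0x00 and buf[pos + 1] == 0x01:  # segwit marker + flag
        pos += 2
    n_in, pos = _varint(buf, pos)
    for _ in range(n_in):
        pos += 36                                  # previous txid + output index
        slen, pos = _varint(buf, pos)
        pos += slen + 4                            # scriptSig + sequence
    n_out, pos = _varint(buf, pos)
    outs = []
    for _ in range(n_out):
        value = int.from_bytes(buf[pos:pos + 8], "little")
        slen, pos = _varint(buf, pos + 8)
        if pos + slen > len(buf):
            raise ValueError("truncated transaction")
        outs.append((value, buf[pos:pos + slen].hex()))
        pos += slen
    return outs

def unexpected_outputs(raw_hex, expected):
    """expected maps scriptPubKey hex -> sats you meant to send (change included)."""
    return [(v, s) for v, s in tx_outputs(raw_hex) if expected.get(s) != v]

# Constructed sample data (not a real transaction): P2WPKH-shaped scripts.
DEST = "0014" + "11" * 20     # script the user intended to pay
CHANGE = "0014" + "22" * 20   # user's own change script
ROGUE = "0014" + "99" * 20    # script substituted by a tampered signer

def sample_tx(pay_script):
    return ("02000000" "0001"                 # version, segwit marker + flag
            "01" + "aa" * 32 + "00000000"     # one input: prev txid, vout
            "00" "fdffffff"                   # empty scriptSig, sequence
            "02"                              # two outputs
            + (50_000).to_bytes(8, "little").hex() + "16" + pay_script
            + (49_000).to_bytes(8, "little").hex() + "16" + CHANGE
            + "02" "01" "00" "01" "00"        # witness: two 1-byte placeholder items
            + "00000000")                     # locktime
```

The `expected` map should be built on a machine other than the signing device, so a tampered signer cannot influence both sides of the comparison.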
The issue is with verifying 'which addresses' belong to that 'wallet' (really a keyring).
And it is not a great idea... to trust a computer screen. Of course, you will need to trust a screen. But by storing the keys offline and air-gapping a HW wallet the safety goes up immensely.
Multi-sig just improves on that for certain situations, where you have 2 independent, separately manufactured devices sign 2 different keys. If both devices don't agree on exactly what they are signing... the transaction will not go through. This is even improved when the signing devices/keys are geographically separated.
reply
Wrench attack/bad cleaning lady?
reply