PROOFOFCUSTODY
Bitcoin
Data
Get the Report
PROOFOFCUSTODY

The independent scoring system for Bitcoin custody. Every platform scored and ranked.

$1B+ in assets under custody expertise

No spam. Unsubscribe anytime.

PLATFORM SCORES
All ScoresCompareMethodologyCustody Assessment
LEARN
Bitcoin 101Custody GuidesFAQQuiz
RESOURCES
DataPodcastReportEditorial Independence
CONNECT
Twitter / XLinkedInYouTubehello@proofofcustody.io
2026 Proof of Custody. Published by Onramp Bitcoin. Editorial Independence.proofofcustody.io
All Articles
Custody10 min

Bitcoin Multisig Explained: How Multi-Signature Security Actually Works

Proof of Custody Editorial·May 3, 2026

Multi-signature — multisig — is the single most important security primitive in modern Bitcoin custody. Every institutional custody arrangement worth using is built on it. Collaborative custody at Unchained and Casa is multisig. Multi-institution custody at Onramp is multisig. Corporate treasury vaults at MicroStrategy, Marathon, and the spot Bitcoin ETFs are multisig. Understanding what multisig actually does — and what it does not — is the prerequisite for evaluating any modern Bitcoin custody arrangement.

Key Takeaways

  • Multisig requires M-of-N signatures to authorize a transaction — e.g., 2-of-3 means any 2 of 3 keys can move funds, but no single key can
  • Multisig eliminates single-key failure but introduces operational complexity: more keys to manage, more signing steps per transaction
  • The same M-of-N math underlies collaborative custody, multi-institution custody, corporate treasury, and inheritance arrangements — the architectures differ by where the keys live and who holds them
  • MPC (multi-party computation) is sometimes marketed as equivalent to multisig but is structurally different — key shards can be reconstituted, which multisig cannot

What Multisig Actually Is

A standard Bitcoin transaction requires one signature from one private key. The signature proves that the holder of the key authorized the transaction. Multisig changes this to require M signatures from a set of N keys. The most common configurations are 2-of-3 and 3-of-5.

In a 2-of-3 arrangement, three private keys exist. Any two of them can authorize a transaction. No single one can. If one key is lost, the remaining two can still execute transactions. If one key is compromised, the attacker cannot move funds without compromising a second. The arrangement is robust to single-point failure on either side: the holder cannot lose access by losing one key, and an attacker cannot steal by stealing one key.

3-of-5 raises the threshold. Five keys exist; any three can execute. This trades operational complexity for redundancy — there are more keys to lose, but two can be compromised without consequence, and two can be lost without losing access. 3-of-5 is the configuration Casa uses at its Premium tier; it is appropriate for holders whose position size justifies the additional operational burden.

Why Multisig Matters for Bitcoin Custody

Bitcoin is a bearer asset. Whoever holds the keys controls the asset. This is the property that makes Bitcoin censorship-resistant and seizure-resistant, but it also makes single-key custody a single point of failure. A single private key represents a single way to lose everything: lose it, have it stolen, have it compromised by a software exploit, have the device storing it physically destroyed.

Multisig directly addresses this failure mode. By requiring M-of-N signatures from independent keys, the arrangement eliminates any single-key failure scenario. The keys can be stored in different locations, under different security models, by different parties — the cryptographic requirement is that some threshold of them cooperate, not that any individual one survive.

The Architectures Multisig Enables

Personal Multisig

The holder personally creates a 2-of-3 multisig where they hold all three keys, stored in different locations. This is pure self-custody with single-key redundancy. The holder needs at least two of their three keys to execute a transaction, so losing any single key does not result in loss of funds. The operational burden is significant: the holder must manage three hardware wallets, three seed phrase backups, and the signing process across at least two of them per transaction.

Collaborative Multisig

The holder personally holds two keys; a provider holds the third. The provider serves as a coordinator and backup. The holder retains direct control — any transaction requires at least one of the holder's signatures — but the provider's third key enables recovery if the holder loses one of their two keys. Unchained and Casa operate at this model.

Multi-Institution Multisig

Three independent regulated institutions each hold one key. The holder holds zero. Two of the three institutions must cooperate to execute any transaction; none can move funds unilaterally. The holder bears no operational responsibility for keys. Onramp's multi-institution custody arrangement uses this model with three keyholders across different jurisdictions.

Corporate Treasury Multisig

Corporate Bitcoin treasuries use multisig to distribute signing authority across multiple officers or signers. A 3-of-5 corporate treasury might require three of five executives to authorize any transaction, eliminating the ability of any single executive to move corporate funds. The same primitive that protects an individual holder also protects an organization from internal fraud.

MPC Is Not Multisig

Multi-party computation (MPC) is sometimes marketed as equivalent to multisig. It is not. MPC distributes a single private key across multiple parties as key shards. The shards must be combined to produce a signature — which means at the moment of signing, the key is reconstituted. Multisig does not reconstitute a key; multiple independent keys jointly sign without any of them being combined or exposed.

The practical difference: in MPC, a sufficiently sophisticated attacker who can observe the shards at the moment of combination has access to the full key. In multisig, no such moment exists — there is no full key to capture. Multisig is structurally more robust against key-reconstitution attacks, which is why qualified custodians like BitGo and Fidelity emphasize the use of multisig at their infrastructure layer even when their consumer-facing products use MPC.

What Multisig Costs

Multisig transactions are larger on the Bitcoin network than single-signature transactions because they contain more signatures. Block space is finite, so larger transactions cost more in fees. The cost is modest — typically 2-3x a single-signature transaction — but it adds up at high fee environments.

Multisig also imposes operational complexity. Each transaction requires coordinating signatures from multiple parties or devices. The holder must keep track of which keys belong to which arrangement, where they are stored, and how to execute the signing process. For personal multisig, this complexity is the holder's burden. For collaborative or multi-institution custody, the provider absorbs most of the operational coordination but the underlying complexity is still there.

The Bottom Line

Multisig is the foundational security primitive that makes serious Bitcoin custody possible. Single-key custody at scale is not appropriate for substantial holdings — the single point of failure is unacceptable. Multisig eliminates that failure mode while preserving Bitcoin's bearer-asset properties. The question for any holder is not whether to use multisig but what kind of multisig arrangement best fits their position size, operational tolerance, and heir profile.

Sourced from Spark.Money research; analysis adapted for Proof of Custody's custody-comparison editorial scope.

Stay Informed

Get weekly custody analysis and platform updates delivered to your inbox.