What are multisig cold wallets?
Multisignature (multisig) cold wallets are often considered one of the safest ways to store digital assets, providing an extra layer of protection against theft. However, even these advanced security measures are not infallible, as demonstrated by the February 2025 Bybit hack.
Before diving into their security, let’s break down what multisig cold wallets actually are.
Cold wallets, explained
A cold wallet is a cryptocurrency storage method that remains offline and disconnected from the internet. This setup makes it significantly harder for hackers to access the funds remotely. Examples include:
- Hardware wallets (e.g., Ledger, Trezor)
- Paper wallets
- Air-gapped computers (devices never connected to the internet)
By keeping private keys offline, cold wallets reduce the risk of online attacks, such as phishing or malware. But what is multisignature?
Let’s find out.
Multisignature (multisig), explained
Multisignature technology requires multiple private keys to approve a transaction, unlike single-signature wallets that need only one key. Think of it as a joint bank account, where two or more signatories are needed to approve any withdrawal.
Common multisig setups include:
- 2-of-3 multisig: Any 2 out of 3 keys must approve transactions.
- 3-of-5 multisig: Any 3 out of 5 keys are needed.
- 5-of-7 multisig: Any 5 out of 7 must sign.
This added layer of security means that even if one key is compromised, an attacker cannot unilaterally move funds.
Who uses multisig cold wallets?
- Crypto exchanges: To prevent internal fraud and unauthorized withdrawals.
- Institutional investors: Hedge funds and family offices securing large amounts of crypto.
- Decentralized autonomous organizations (DAOs): Groups managing shared funds through multisig governance.
How do multisig cold wallets work?
Multisig cold wallets require multiple private keys from trusted parties to approve and authorize a transaction, enhancing security by preventing a single point of failure.
To understand how multisig cold wallets work, imagine a safety deposit box at a bank that requires two or more keys to open. No single person can access the contents alone — multiple trusted parties must be present.
Multisig cold wallets apply this concept to digital assets, adding an extra layer of security by requiring multiple private keys to authorize transactions.
Here’s how it works in the crypto world:
- Key distribution: The wallet owner generates multiple private keys and distributes them among trusted parties or devices. In a 3-of-5 multisig cold wallet setup, for example, keys can be distributed among different roles to enhance security and accountability: Key 1 could be assigned to the CEO as the primary decision-maker, while Key 2 goes to the chief financial officer for financial oversight. The chief legal officer holds Key 3 to ensure compliance with regulations, while Key 4 is stored as an offline backup in a secure, air-gapped location. Lastly, Key 5 could be assigned to the chief security officer, responsible for cybersecurity protocols.
- Transaction request: When someone wants to withdraw funds from the wallet, they must first create a transaction proposal — like filling out a check that needs multiple signatures before it can be processed.
- Approval process: The proposal is then sent to the authorized signers. In the 3-of-5 setup, at least three of the five key holders must approve the request, just like three different bank staff members need to unlock the safety deposit box together. This process prevents any single person from making unauthorized transfers, even if one keyholder is compromised or acting maliciously.
- Broadcasting the transaction: Once the required number of signatures is collected, the transaction is broadcast to the blockchain network. Only then is the payment finalized and recorded on the public ledger. If the minimum number of approvals isn’t reached, the transaction remains incomplete — just like a bank would refuse to process a check without the required signatures.
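The 3-of-5 approval flow described above, as an added Python example (not code from the article or from any wallet vendor): a checker that only counts signatures from distinct authorized key holders, each bound to the exact proposal being approved. HMAC stands in for the real ECDSA/EdDSA signatures, and the role names and proposal fields are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

THRESHOLD, TOTAL = 3, 5  # the 3-of-5 policy used in the article's example

def generate_keys(n=TOTAL):
    """Constructed sample keys, one per signer role from the article."""
    roles = ["CEO", "CFO", "CLO", "offline_backup", "CSO"]
    return {role: secrets.token_bytes(32) for role in roles[:n]}

def proposal_digest(proposal: dict) -> bytes:
    """Canonical hash of the transaction proposal; every signature is bound to it."""
    canonical = json.dumps(proposal, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).digest()

def sign(key: bytes, proposal: dict) -> bytes:
    # Stand-in for a real asymmetric signature: HMAC over the proposal digest.
    return hmac.new(key, proposal_digest(proposal), hashlib.sha256).digest()

def count_valid_approvals(keys: dict, proposal: dict, approvals: list) -> int:
    """approvals is a list of (role, signature). Count distinct authorized
    signers whose signature verifies against this exact proposal."""
    digest = proposal_digest(proposal)
    seen = set()
    for role, sig in approvals:
        key = keys.get(role)
        if key is None or role in seen:
            continue  # unknown signer, or the same key submitted twice
        expected = hmac.new(key, digest, hashlib.sha256).digest()
        if hmac.compare_digest(sig, expected):
            seen.add(role)
    return len(seen)

def can_broadcast(keys: dict, proposal: dict, approvals: list,
                  threshold: int = THRESHOLD) -> bool:
    """True only when at least `threshold` distinct key holders approved."""
    return count_valid_approvals(keys, proposal, approvals) >= threshold
```

Replaying signatures over a modified proposal, submitting one key's signature three times, or adding an unknown signer all leave the transaction below threshold, which is the property the approval step relies on.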
How multisig cold wallets can be hacked
Despite their security benefits, multisig wallets are not immune to attacks. Hackers often exploit weaknesses in implementation, human behavior or third-party services.
Let’s understand more using some examples:
1. Supply chain attacks (Bybit hack, 2025)
In February 2025, the Bybit exchange lost $1.5 billion worth of Ether (ETH) when hackers compromised the multisig signing process.
Here’s how the attack happened:
- Bybit used a 3-of-5 multisig cold wallet, meaning any three authorized signatures were needed to move funds.
- Attackers breached the infrastructure of a third-party wallet provider (SafeWallet).
- They compromised a developer’s device at SafeWallet, injecting…
cointelegraph.com