Multisig cold wallets: How secure are they really?

What are multisig cold wallets?

Multisignature (multisig) cold wallets are often considered one of the safest ways to store digital assets, providing an extra layer of protection against theft. However, even these advanced security measures are not infallible, as demonstrated by the February 2025 Bybit hack.

Before diving into their security, let’s break down what multisig cold wallets actually are.

Cold wallets, explained

A cold wallet is a cryptocurrency storage method that remains offline and disconnected from the internet. This setup makes it significantly harder for hackers to access the funds remotely. Examples include:

• Hardware wallets (e.g., Ledger, Trezor)
• Paper wallets
• Air-gapped computers (devices never connected to the internet).

By keeping private keys offline, cold wallets reduce the risk of online attacks, such as phishing or malware. But what is multisignature?

Let’s find out.

Multisignature (multisig), explained

Multisignature technology requires multiple private keys to approve a transaction, unlike single-signature wallets that need only one key. Think of it as a joint bank account, where two or more signatories are needed to approve any withdrawal.

Common multisig setups include:

• 2-of-3 multisig: Any 2 out of 3 keys must approve transactions.
• 3-of-5 multisig: Any 3 out of 5 keys are needed.
• 5-of-7 multisig: Any 5 out of 7 must sign.

This added layer of security means that even if one key is compromised, an attacker cannot unilaterally move funds.

Who uses multisig cold wallets?

• Crypto exchanges: To prevent internal fraud and unauthorized withdrawals.
• Institutional investors: Hedge funds and family offices securing large amounts of crypto.
• Decentralized autonomous organizations (DAOs): Groups managing shared funds through multisig governance.

How do multisig cold wallets work?

Multisig cold wallets require multiple private keys from trusted parties to approve and authorize a transaction, enhancing security by preventing a single point of failure.

To understand how multisig cold wallets work, imagine a safety deposit box at a bank that requires two or more keys to open. No single person can access the contents alone — multiple trusted parties must be present.

Multisig cold wallets apply this concept to digital assets, adding an extra layer of security by requiring multiple private keys to authorize transactions.

Here’s how it works in the crypto world:

• Key distribution: The wallet owner generates multiple private keys and distributes them among trusted parties or devices. For example, in a 3-of-5 multisig cold wallet setup, keys can be distributed among different roles to enhance security and accountability. For example, Key 1 could be assigned to the CEO as the primary decision-maker, while Key 2 goes to the chief financial officer for financial oversight. The chief legal officer holds Key 3 to ensure compliance with regulations, while Key 4 is stored as an offline backup in a secure, air-gapped location. Lastly, Key 5 could be assigned to the chief security officer, responsible for cybersecurity protocols. 
• Transaction request: When someone wants to withdraw funds from the wallet, they must first create a transaction proposal — like filling out a check that needs multiple signatures before it can be processed.
• Approval process: The proposal is then sent to the authorized signers. In the 3-of-5 setup, at least three of the five key holders must approve the request, just like three different bank staff members need to unlock the safety deposit box together. This process prevents any single person from making unauthorized transfers, even if one keyholder is compromised or acting maliciously.
• Broadcasting the transaction: Once the required number of signatures is collected, the transaction is broadcast to the blockchain network. Only then is the payment finalized and recorded on the public ledger. If the minimum number of approvals isn’t reached, the transaction remains incomplete — just like a bank would refuse to process a check without the required signatures.

How multisig cold wallets can be hacked

Despite their security benefits, multisig wallets are not immune to attacks. Hackers often exploit weaknesses in implementation, human behavior or third-party services.

Let’s understand more using some examples:

1. Supply chain attacks (Bybit hack, 2025)

In February 2025, the Bybit exchange lost $1.5 billion worth of Ether (ETH) when hackers compromised the multisig signing process.

Here’s how the attack happened:

• Bybit used a 3-of-5 multisig cold wallet, meaning any three authorized signatures were needed to move funds.
• Attackers breached the infrastructure of a third-party wallet provider (SafeWallet).
• They compromised a developer’s device at SafeWallet, injecting malicious code that altered the multisig signing process.
• Bybit’s security team approved transactions that appeared legitimate, but in reality, the funds were redirected to hacker-controlled addresses.

This attack highlights the risks of relying on third-party providers for wallet security. Even if your private keys are safe, a compromised service can still put funds at risk.

Did you know? The US Federal Bureau of Investigation attributed the February 2025 Bybit heist to North Korean hackers, marking it as one of the largest in cryptocurrency history.

2. Social engineering attacks

Multisig wallets require human approval, and hackers can manipulate people.

For example, in 2022, hackers targeted high-ranking employees at a crypto fund using phishing emails. Once the attackers gained access to their work devices, they used malware to record private key inputs. Since the multisig required only 2-of-3 approvals, the attackers bypassed security.

3. Rogue insiders and collusion

A multisig system is only as good as its participants. If a malicious employee is part of a 2-of-3 or 3-of-5 setup, they might collude with hackers to sign fraudulent transactions.

For example, in 2019, an exchange executive conspired with attackers to approve a $200-million unauthorized withdrawal. This incident led to a shift toward more decentralized signing methods.

4. Smart contract vulnerabilities

Some multisig wallets integrate smart contracts to automate transactions; however, if the smart contract contains a coding bug, attackers can exploit it.

For example, in 2017, a bug in the Parity Multisig Wallet allowed hackers to freeze over $150 million worth of ETH, rendering the funds inaccessible.

How to make multisig cold wallets more secure

To make multisig cold wallets more secure, use a higher threshold of required signatures, implement multilayer authentication, and store keys in secure, geographically dispersed locations.

As mentioned, multisig cold wallets remain one of the best security solutions, but you must take extra precautions to minimize risks, including:

• Use a higher threshold (e.g., 4-of-7 Instead of 2-of-3): More required signatures = harder for an attacker to compromise enough keys.
• Implement multilayer authentication: Combine passwords, biometrics and hardware security modules (HSMs) for key access.
• Shamir’s Secret Sharing: Split private keys into multiple fragments that need to be reconstructed to use the original key.
• Air-gapped signing devices: Use offline devices to sign transactions, preventing remote hacking attempts.
• Distribute keys geographically: Store keys in different locations or with separate custodians to avoid a single point of failure.
• Key rotation policy: Regularly change key holders and regenerate keys to reduce the risk of compromised access.
• Regular security audits: Hire third-party experts to review your wallet setup and detect vulnerabilities.
• Independent co-signers: Involve external security firms or trusted third parties as one of the signers to prevent insider collusion.
• Access logging and alerts: Use logging systems to monitor key usage and receive alerts for suspicious activity.
• Multiparty computation (MPC): Use cryptographic protocols where private keys are never fully assembled, adding an extra layer of security.

Did you know? Shamir’s Secret Sharing, introduced by Israeli cryptographer Adi Shamir in 1979, is a cryptographic algorithm that divides a secret into multiple parts. Only when a sufficient number of these parts can be combined can the original secret be reconstructed, ensuring that partial knowledge doesn’t compromise the entire secret. 

Are multisig cold wallets still worth it?

Multisig cold wallets are still one of the best options for those looking to protect their cryptocurrency assets from theft and fraud. However, their complexity and the potential for vulnerabilities, especially in the case of supply chain attacks, should not be overlooked.

Yes, multisig cold wallets remain one of the best security options for storing large amounts of cryptocurrency. However, they aren’t foolproof. 

The Bybit hack of February 2025 is a wake-up call: Even sophisticated multisig cold wallets can be compromised through supply chain attacks, where attackers exploit vulnerabilities in the systems or hardware used to generate or store the private keys. 

This attack underscores the importance of not relying solely on the technical setup of multisig wallets but also considering the broader security ecosystem, including the physical security of the devices and the integrity of key management processes.

Thus, while multisig cold wallets offer strong protection, they also come with their own set of challenges. The complexity of setting up and managing a multisig system, the risk of losing keys and potential vulnerabilities to physical threats can create difficulties, especially for less experienced users. Additionally, the slower transaction approval process can be an inconvenience in time-sensitive situations.

Ultimately, deciding whether multisig cold wallets are the right choice for your digital asset security depends on balancing their advantages against their limitations. If you are managing substantial cryptocurrency holdings and can handle the complexity, multisig wallets provide a high level of security that is hard to match with traditional wallets. On the other hand, if you’re not prepared to invest in the necessary infrastructure or cannot manage multiple keys securely, simpler wallet solutions may be more suitable.

It’s also crucial to keep in mind that no security measure is entirely risk-free. As seen in recent hacks, the broader security landscape plays a significant role in protecting your assets. For multisig cold wallets to be truly effective, keyholders must remain vigilant, maintain strong cybersecurity practices, and regularly assess potential risks.