
Multisig

A wallet that requires signatures from multiple keys to authorise a transaction. The standard setup for anything holding serious money.


A multisig is a wallet where a transaction requires signatures from more than one key to be valid. The most common setup is M-of-N, meaning M signatures are required out of N total keys: a 2-of-3 multisig has three keys and needs two signatures, a 3-of-5 has five keys and needs three. If you lose one key in a 2-of-3 setup, you can still recover by using the remaining two; if your laptop gets compromised, the attacker still needs one more key from somewhere else to do anything. The tradeoff between security and operational convenience is set by the specific M and N you choose, and different use cases want different ratios.

On Bitcoin, multisig is implemented natively via script: a multisig address is one whose spending conditions are an M-of-N script, and spending requires submitting the required signatures to satisfy the script. On Ethereum and other smart contract chains, multisig is implemented as a contract, most commonly Gnosis Safe (now rebranded as Safe), which is the dominant multisig wallet in the Ethereum ecosystem and holds many tens of billions of dollars in assets at any given time.
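As an added illustration (not code from the original page), the Python below builds the Bitcoin M-of-N script in its `OP_m <keys> OP_n OP_CHECKMULTISIG` form and parses it back, so the threshold a script actually enforces can be checked before funds are sent to it. The keys are constructed placeholders, and the example assumes compressed 33-byte keys and N of at most 16.

```python
OP_CHECKMULTISIG = 0xAE
OP_1 = 0x51  # OP_1..OP_16 are the single bytes 0x51..0x60


def build_multisig_script(m: int, pubkeys: list[bytes]) -> bytes:
    """Return the script: OP_m <pk1> ... <pkN> OP_n OP_CHECKMULTISIG."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 16:
        raise ValueError("need 1 <= M <= N <= 16")
    out = bytearray([OP_1 + m - 1])
    for pk in pubkeys:
        if len(pk) != 33 or pk[0] not in (2, 3):
            raise ValueError("expected 33-byte compressed public key")
        out += bytes([len(pk)]) + pk  # push opcode (0x21) followed by the key
    out += bytes([OP_1 + n - 1, OP_CHECKMULTISIG])
    return bytes(out)


def parse_multisig_script(script: bytes) -> tuple[int, list[bytes]]:
    """Return (M, pubkeys); raise ValueError if not a well-formed M-of-N script."""
    if len(script) < 4 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a CHECKMULTISIG script")
    m, n = script[0] - OP_1 + 1, script[-2] - OP_1 + 1
    keys, i = [], 1
    while i < len(script) - 2:
        length = script[i]
        if length != 33 or i + 1 + length > len(script) - 2:
            raise ValueError("unexpected push in key list")
        keys.append(script[i + 1 : i + 1 + length])
        i += 1 + length
    # The declared N must match the keys present, and M must not exceed it.
    if not 1 <= m <= n <= 16 or n != len(keys):
        raise ValueError("threshold and key count disagree")
    return m, keys


# Constructed placeholder keys (right shape, not real curve points).
SAMPLE_KEYS = [bytes([2]) + bytes([i]) * 32 for i in (1, 2, 3)]
SAMPLE_SCRIPT = build_multisig_script(2, SAMPLE_KEYS)  # a 2-of-3 script
```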

What Multisigs Are Used For

The original use case was personal security: an individual with significant crypto holdings distributes keys across devices and locations so that no single point of failure can compromise the whole thing. A typical personal setup might be 2-of-3 with one key on a hardware wallet at home, one on a hardware wallet in a safe deposit box, and one held by a trusted family member or a service. Any two together can sign, but any one alone is useless, which defeats the main ways individuals tend to lose funds (stolen laptop, lost seed, burned house).

The more widely-used case today is treasury management for DAOs, funds, and project teams. A typical DAO treasury might be 5-of-9, held by core team members and trusted community members, where any spending requires a majority agreement. This gives social control over the funds: no individual can steal or be coerced into losing them, and the team has to coordinate explicitly for every treasury movement. Safe is the near-universal default for this use case on Ethereum; BitGo and Unchained Capital offer similar services for Bitcoin with institutional custody wrappers.

The Safe Ecosystem

Safe (the contract formerly known as Gnosis Safe) is itself an interesting case study. It is an open-source Solidity contract that implements a flexible multisig with support for arbitrary transaction types, delegated execution, and integration with a huge ecosystem of modules and frontends. Teams can configure signer sets, add time locks, require specific workflows for certain actions, and integrate with hardware wallets and key-management services. Most meaningful Ethereum treasuries sit in a Safe, and the cumulative amount of value secured by Safes is in the hundreds of billions of dollars as of 2026.

One of the practical quirks is that Safe transactions are executed on-chain by a single caller (usually a bot run by the team or a service like Safe’s own relayer), and the signatures from the multisig participants are gathered off-chain and then submitted as a batch. This means the multisig process feels like clicking “approve” in a web interface for each signer, followed by the transaction going through once the threshold is reached. The UX is much better than the early days when multisig required raw transaction construction and copy-pasting hex strings, but it is still noticeably more friction than using a single-key hot wallet.

The Bybit Hack Caveat

In February 2025, Bybit was hit with one of the largest crypto thefts in history (roughly $1.5 billion) when an attacker compromised a signer workflow on a Safe multisig. The attack did not break the multisig itself; instead, it exploited the gap between what the signers thought they were signing and what the contract actually executed. Signers were presented with a transaction that looked like a routine transfer and actually signed a delegatecall that replaced the wallet’s implementation with a malicious one. Once the new implementation was in place, the attacker drained the wallet.

The takeaway is not that multisigs are broken; it is that multisigs are only as secure as the weakest signer’s workflow, and sophisticated attacks can exploit UX gaps to get legitimate signers to authorise malicious actions. Hardware-wallet display verification, transaction simulation, and independent review of each transaction before signing are the defences, and they have to be applied by every signer, not just one. The Bybit incident prompted a lot of teams to audit their own Safe workflows and tighten up their review processes, and the broader lesson (multisig security depends on procedural discipline, not just on the contract math) is one the industry is still internalising.
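Part of the independent review described above can be automated. This added example (not Safe's code and not from the original page) compares a Safe transaction's `to`, `value`, `data` and `operation` fields against the transfer the signer was told they were approving; the dict layout, the `intent` structure, the allowlist and every address are assumptions constructed for illustration.

```python
ERC20_TRANSFER = "a9059cbb"  # selector of transfer(address,uint256)
CALL, DELEGATECALL = 0, 1    # Safe's operation values: 0 = call, 1 = delegatecall


def decode_erc20_transfer(data_hex: str):
    """Return (recipient, amount) if data is exactly an ERC-20 transfer, else None."""
    raw = data_hex.lower().removeprefix("0x")
    if len(raw) != 8 + 128 or raw[:8] != ERC20_TRANSFER:
        return None
    if raw[8:32] != "0" * 24:  # the address word must be zero-padded on the left
        return None
    return "0x" + raw[32:72], int(raw[72:136], 16)


def review(tx: dict, intent: dict, delegatecall_allowlist: set[str]) -> list[str]:
    """Compare what the contract will execute (tx) with what the signer was told (intent)."""
    findings = []
    to = tx["to"].lower()
    if tx["operation"] == DELEGATECALL and to not in delegatecall_allowlist:
        findings.append("delegatecall to a target outside the allowlist")
    elif tx["operation"] not in (CALL, DELEGATECALL):
        findings.append("unknown operation value")
    if to != intent["token"].lower():
        findings.append("target contract is not the expected token")
    decoded = decode_erc20_transfer(tx["data"])
    if decoded is None:
        findings.append("calldata is not a plain ERC-20 transfer")
    elif decoded != (intent["recipient"].lower(), intent["amount"]):
        findings.append("recipient or amount differs from the stated intent")
    if int(tx["value"]) != 0:
        findings.append("unexpected native-asset value on a token transfer")
    return findings


# Constructed sample data: placeholder addresses, not real contracts.
TOKEN, RECIPIENT, OTHER = ("0x" + b * 20 for b in ("11", "22", "33"))
INTENT = {"token": TOKEN, "recipient": RECIPIENT, "amount": 1000}
GOOD_TX = {"to": TOKEN, "value": "0", "operation": CALL,
           "data": "0x" + ERC20_TRANSFER + "00" * 12 + "22" * 20 + f"{1000:064x}"}
# Same transfer-shaped calldata, but submitted as a delegatecall to another address.
BAD_TX = dict(GOOD_TX, to=OTHER, operation=DELEGATECALL)
```

An empty result from `review` means only that the fields match the stated intent; each signer would still run it on the data their own device is about to sign, alongside hardware-wallet display verification and simulation.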