Author: Onkar Singh, CoinTelegraph; Translated by: Wuzhu, Golden Finance

1. What is a multi-signature cold wallet?

Multisig (multisig) Cold wallets are often considered one of the safest ways to store digital assets, providing additional protection from theft. However, even these advanced security measures are not foolproof, as evidenced by the February 2025 Bybit hack.

Before delving into its security, let's analyze what a multi-signature cold wallet is.

Cold Wallet Explanation

Cold Wallet is a cryptocurrency storage method that remains offline and disconnects from the Internet. This setup makes it more difficult for hackers to access funds remotely. Examples include:

Hardware wallets (e.g. Ledger, Trezor)

Paper wallets

isolated computers (devices that have never been connected to the internet).

Cold wallets reduce the risk of cyber attacks such as phishing or malware by saving private keys offline. But what is multi-signature?

Let's find out.

Multisig (multisig) Explanation

Multisig technology requires multiple private keys to approve transactions, while single signature wallets require only one key. It can be considered a joint bank account, and any withdrawal requires two or more signers to approve it.

Common multi-signature settings include:

2-of-3 Multi-signature: Any 2 of the 3 keys must be approved for transactions.

3-of-5 Multi-signature: Any 3 of 5 keys are required.

5-of-7 Multi-signature: Any 5 of the 7 keys must be signed.

This additional layer of security means that even if a key is leaked, the attacker cannot unilaterally transfer funds.

Who uses multi-signature cold wallet?

Cryptocurrency Exchange: Prevent internal fraud and unauthorized withdrawals.

Institutional Investors: Hedge Funds and Family Financial Offices that protect a large number of cryptocurrencies.

Decentralized Autonomous Organization (DAO): Groups that manage shared funds through multi-signature governance.

2. How does a multi-signature cold wallet work?

Multi-signature cold wallet requires multiple private keys from trusted parties to approve and authorize transactions, enhancing security by preventing single point of failure.

To understand how a multi-signature cold wallet works, imagine a bank's safe requires two or more keys to open. No one can access content individually – multiple trusted parties must be present.

Multi-signature cold wallet applies this concept to digital assets, adding additional security by requiring multiple private keys to authorize transactions.

The following is it in the crypto worldHow it works in the boundary:

Key distribution: The wallet owner generates multiple private keys and distributes them to trusted parties or devices. For example, in a 3-of-5 multi-signature cold wallet setup, keys can be distributed to different roles for enhanced security and accountability. For example, key 1 can be assigned to the CEO as the primary decision maker, while key 2 can be assigned to the CFO for financial oversight. The Chief Legal Officer holds Key 3 to ensure compliance with regulations, while Key 4 is stored as an offline backup in a secure isolated location. Finally, the key 5 can be assigned to the Chief Security Officer, responsible for the cybersecurity protocol.

Transaction Request: When someone wants to withdraw funds from their wallet, they must first create a transaction proposal—like filling out a check that requires multiple signatures to process.

Approval Process: The proposal is then sent to the authorized signature. In the 3-of-5 setup, at least three of the five key holders must approve the request, just as three different bank staff need to unlock the safe together. This process prevents any individual from making unauthorized transfers, even if a key holder is threatened or malicious.

Broadcast transaction: Once the required number of signatures is collected, the transaction is broadcast to the blockchain network. Only in this way can the payment be finalized and recorded on the public ledger. If the minimum approved quantity is not reached, the transaction remains incomplete—just like the bank refuses to process a check without the required signature.

3. How to get hacked by multi-signature cold wallet?

Although multi-signature wallet has security advantages, it is not immune to attacks. Hackers often exploit weaknesses in implementation, human behavior, or third-party services.

Let’s get a better understanding of this with some examples:

1. Supply Chain Attack (Bybit Hacker, 2025)

In February 2025, hackers invaded the multi-signature process, causing the Bybit exchange to lose $1.5 billion worth of Ethereum.

The attack process is as follows:

Bybit uses a 3-of-5 multi-signature cold wallet, which means any three authorized signatures are required to transfer funds.

The attackers destroyed the infrastructure of a third-party wallet provider (SafeWallet).

They hacked SafeWallet's developer device, injected malicious code, and changed the multi-signature process.

Bybit’s security team approved what seemed to be legitimate transactions, but in fact, funds were redirected to a hacker-controlled address.

This attack highlights the risk of relying on third-party providers to ensure the security of wallets. Even if your private key is secure, an attacked service can still put funds at risk.

2. Social Engineering Attack

Multi-signature wallets require manual approval, and hackers can manipulate thempeople.

For example, in 2022, hackers used phishing emails to target senior employees of crypto funds. Once an attacker gains access to their working device, they use malware to record private key input. Since multi-signatures require only 2-of-3 approval, the attacker bypassed security.

3. The quality of the rogue insider and collusion

The quality of the multi-signature system depends on its participants. If malicious employees are part of a 2-of-3 or 3-of-5 setup, they may collude with hackers to sign fraudulent transactions.

For example, in 2019, an exchange executive conspired with an attacker to approve an unauthorized withdrawal of $200 million. This event led to a shift to a more decentralized signature approach.

4. Smart Contract Vulnerability

Some multi-signature wallets integrate smart contracts to automate transactions; however, if the smart contract contains encoding errors, an attacker can exploit it.

For example, in 2017, a bug in Parity Multisig Wallet caused hackers to freeze over $150 million worth of ETH, leaving funds unusable.

4. How to make multi-signature cold wallet safer

In order to make multi-signature cold wallet safer, please use a higher signature threshold, implement multi-layer authentication, and store the key in a secure, geographically distributed location.

As mentioned above, a multi-signature cold wallet is still one of the best security solutions, but you have to take additional precautions to minimize risk, including:

Use higher thresholds (e.g., 4-of-7 instead of 2-of-3): The more signatures required = the harder it is to hack enough keys for an attacker.

Implement multi-layer authentication: combines password, biometrics and hardware security modules (HSMs) to access the keys.

Shamir's Secret Sharing: Split the private key into multiple fragments, which need to be reconstructed in order to use the original key.

Secretary signature device: Use offline devices to sign transactions to prevent remote hacking.

Distribute keys by geographic location: Store the keys in different locations or are kept by a separate custodian to avoid single point of failure.

Key rotation strategy: periodically change the key holder and regenerate the key to reduce the risk of access stolen.

Regular security audits: Hire third-party experts to review your wallet settings and detect vulnerabilities.

Independent Co-signer: Involve external security companies or trusted third parties as one of the signers to prevent internal collusion.

Access logs and alerts: Use the log system to monitor key usage and receive suspicious activity alerts.

Multi-party computing (MPC): an encryption protocol that is never fully assembled with a private key, adding an additional layer of security.

V.Is multi-signature cold wallet still worth it?

For those looking to protect their crypto assets from theft and fraud, a multi-signature cold wallet is still one of the best options. However, their complexity and potential vulnerabilities should not be ignored, especially in the case of supply chain attacks.

Yes, a multi-signature cold wallet is still one of the best safe choices for storing large amounts of cryptocurrencies. However, they are not foolproof.

The February 2025 Bybit hacking is a wake-up call: Even complex multi-signature cold wallets can be compromised through supply chain attacks, where attackers exploit vulnerabilities in systems or hardware used to generate or store private keys.

This attack stressed the importance of not only relying on the technical setup of multi-signature wallets, but also taking into account the importance of a broader security ecosystem, including the physical security of the device and the integrity of the key management process.

So, while multi-signature cold wallets provide strong protection, they also present a range of challenges. The setup and management of multi-signature systems are complex, and the risk of key loss and potential physical threat vulnerabilities can bring many difficulties, especially for inexperienced users. In addition, in the case of tight time, slow transaction approval process can also cause inconvenience.

Ultimately, deciding whether a multi-signature cold wallet is the right choice for your digital asset security depends on weighing its advantages and limitations. If you manage a large number of crypto assets and can handle complexity, a multi-signature wallet provides a high level of security that is hard to match in traditional wallets. On the other hand, if you are not prepared to invest in the necessary infrastructure or cannot securely manage multiple keys, a simpler wallet solution may be more appropriate.

It is also important to remember that no security measures are completely risk-free. As seen by recent hackers, a wider security environment plays a major role in protecting your assets. To make a multi-signature cold wallet truly effective, key holders must remain vigilant, maintain strong cybersecurity practices, and regularly assess potential risks.