Multisig Wallet: Protect Bitcoin in case of death or forgetfulness

UPDATE (April 2018): See footnote regarding Coinbase multisig vaults.* The feature will be retired this month, because it interferes with plans to improve support of Bitcoin forks.

Legacy Method of Inheriting Assets

Many Bitcoin owners choose to use a custodial account, in which the private keys to a wallet are generated and controlled by their exchange—or even a bank or stock broker. In this case, funds are passed to heirs in the usual way. It works like this…

An executor, probate attorney, or someone with a legal claim contacts the organization that controls the assets. They present a death certificate, medical proxy or power-of-attorney. Just as with your bank account or stocks and bonds, you have the option of listing next of kin and the proportion of your assets that should be distributed to each. It’s worth contacting estate planning lawyers austin to help you with these tasks (also, you should probably find one familiar with cryptocurrency). These custodial services routinely ask you to list individuals younger than you and alternate heirs, along with their street addresses, in the event that someone you list has died before you.

Of course, Bitcoin purists and Libertarians point out that the legacy method contradicts the whole point of owning a cryptocurrency. Fair enough.

Multisig to the Rescue

Using multisig would be far easier, if wallet vendors would conform to standards for compatibility and embed technology into hardware and software products. Unfortunately, they have been slow to do so, and there are not yet widely recognized standards to assure users that an implementation is both effective and secure. But, there is some good news: It’s fairly easy to process your ordinary account passwords and even the security questions with a roll-your-own multisig process. I’ve done it using PGP and also using Veracrypt—two widely recognized, open source encryption platforms.

This short article is not intended as an implementation tutorial, but if the wallet vendors don’t jump up to home plate, I may release a commercial tool for users to more easily add multisig to their wallets. It really is safe, simple and effective. (If readers wish to partner with me on this? I estimate that it will take $260,000 and about six months).

What is Multisig and How Does it Protect your Wealth?

Multisig allows anyone with credentials to an account, wallet or even a locked safe to create their own set of rules concerning which combinations of friends and relatives can access their assets without the original owner. The owner sets conditions concerning who, when, how much and which accounts can be accessed — and the heirs simply offer passwords or proof of identity. If implemented properly, it doesn’t matter if some of the heirs have forgotten passwords or died before the original owner.

This can be illustrated in an example. I am intentionally describing a complex scenario, so that you consider a full-blown implementation. Although the ‘rules’ listed below appear to be complex, the process for creating the associated passwords is trivial.

The last 2 rules listed below do not use Multisig technology, but rather Smart Contracts. It enhances an owner’s ability to dictate terms. Here, then, is the scenario…

I want heirs to have access to my assets
at banks, brokers, exchanges or other ac-
counts–but only under certain conditions:

  • If any 4 of 11 trusted family and friends come together and combine their passwords (or an alternate proof-of-identity), they may access my wealth and transfer it to other accounts
    • But, if one is my husband, Fred, or my daughter, Sue, then only two trusted individuals are needed
    • —But not Fred and Sue together (At least one must be an outsider)
  • If any account has less than $2500, then it goes to my favorite charity, rather than the individuals I have listed
  • None of my accounts can be unlocked by my heirs, until I have not accessed them with my own password for 3 months. Prior to that, the Multisig will fail to gain access.

Again, the decedent’s wishes are complex, but executing and enforcing these rules is trivial. In my presentations, I describe the method on two simple PowerPoint slides. Even that short description is sufficient to show anyone who has used common cryptography apps to weave their own multisig add-on.

Of course, each individual will need to locate their own secret password, but a biometric or other conforming proof-of-identity can be substituted. Even if several survivors cannot recall their credentials, the multisig method allows other combinations of individuals to access the assets across all accounts.

This article may leave you wondering about the legal process—and this is where I agree with the Libertarian viewpoint: Sure! The courts have a process and heirs should document their access and decisions for tax purposes and to assure each other of fair play. But a key benefit of cryptocurrency and the disintermediation offered by the blockchain is the personal empowerment of access with impunity and without waiting for any legal process.

Let the courts to what they do, while you honor the wishes of your dearly departed.

If this article generates sufficient interest, I may prepare a short tutorial on how to split off your own Multisig passwords, regardless of which wallet or hosted services you use. It will work with any vendor, app or gadget —or— Perhaps, I will refine my homespun solution and offer it as an add-on app that can be used with any wallet, bank account or exchange. Simple, ubiquitous and effective multisig should have been available to even traditional banking customers years ago!


* History of Coinbase support for a multisig vault

Oct 29, 2014 — Coinbase adds Multisig Vault
Multisig rule: (3) private keys created. 2 are required to access coins:

  1. User Key
  2. Coinbase Key
  3. 2nd Coinbase Key but only user has passsword

Aug 31 2017 — No more NEW Multisig vaults

April 19 2018 — Sunset of Multisig vaults (and announced earlier, on Mar 20)

Sunset on Multisig vaults: They make it difficult to support forks. A new tool will still support withdrawls after multisig vaults are retired.


Ellery Davies co-chairs CRYPSA, hosts the Bitcoin Event and presents at Crypto Conferences around the world. Book a presentation or consulting engagement.

Verizon Wireless: Trouble with honesty & fairness

In the market for mobile phones, a time span of 7 years represents a different era altogether. At least 4 generations of hardware feature phones have come and gone. Seven years ago, there was no iPhone and no Android. Palm was king of PDAs, a class that was still separate from phones and browsers. Feature phones offered Symbian at best. (Who remembers Windows CE?).

Way back in 2004, Verizon crippled Bluetooth in the Motorola v710, the first mobile phone to support short range wireless technology. The carrier supported Bluetooth for connecting a headset and for voice dialing, but they blocked Bluetooth from transferring photos and music between a phone and the user’s own PC. More alarmingly, they displayed a Bluetooth logo on the outside of custom Verizon packaging, even though the logo licensing stipulated that all logical and resident Bluetooth “profiles” are supported.

(Disclosure: I was a plaintiff in a class action that resulted in free phones for users affected by the deception. I am not a ‘Verizon basher’. I have been a faithful client since early cell phones and I recently defended Verizon’s right to charge for off-device tethering.)

Can you hear me now?

Why would Verizon cripple a popular feature that helps to differentiate and sell equipment? That’s an easy one. It forced users to transfer photos and music over the carrier network rather than exchange files directly with a PC. The carrier sells more minutes or costly data plans.

With the same motive, Verizon restricted feature phone apps to their Get it Now store, limiting music, games and ringtones to their own pipeline. Heck–Why not? It’s their ball park! Users can take their business to other carriers. Right? Well perhaps—but mobile service is built upon licensed spectrum, a regulated and limited commodity. Although carriers are not a monopoly in the strict sense (there are three or four carriers in populated regions), they are licensed stewards of an effective market duopoly.

Perhaps the longest lived vestige of Verizon’s stodgy funk (and the most depressing) was their insistence on stripping pre-smart phones of the manufacturer’s user GUI and foisting users to navigate a bland set of carrier-centric screens and commands. Often, I would sit next to someone on an international flight who had the same model Motorola, Samsung or Nokia phone. And guess what? His carrier didn’t interfere with fascinating user features. Why did Verizon force their own screens on unsuspecting Americans? It meant that I could not set my phone to vibrate first and then ring with increasing volume over the next few seconds. What a great feature on my Moto i810! But it was stripped from subsequent models, because it wasn’t spec’d by the boys in Verizon’s “retrofit and bastardize” lab.

With the exception of the class action on the Bluetooth features, no legislation was needed to get Verizon to unlock phone features. Eventually a free market mechanism forced them to rethink their ivory tower greed. With AT&Ts market success selling iPhones, Verizon eventually capitulated so that they could become the Android market leader. The new strategy worked for both consumers and for Verizon. Even before they began selling iPhones in 2011, Verizon reasserted their position as the carrier of choice and fully justified their cost premium through excellent coverage and quality service.

Hey, Verizon! Can you hear us now?!

But now, the company that I have learned to hate, love, and then curse, is at it again! They are about to introduce the Samsung Galaxy Nexus. It is only the 2nd Google branded Android (you can’t get closer to a pure Android experience!). But wait! News Flash: They are going to cripple a native Android feature. Just as with the Bluetooth debacle, Verizon claims that it is for the protection and safety of their own users. (Stop me, Mommy! I’m about to access a 3rd party service!).

Why doesn’t Verizon get it? Why can’t they see value in being the #1 carrier and base profit strategy on exceptional build out and service? Sure, I support their right to offer apps, music, ringtones, photo sharing, navigation, child tracking, mobile television, and even home control. These are great niches that can boost revenue. But remember that you are first and foremost a carrier. Just because you plan to enter one of these markets is no reason to cut off your own users from content and service options.

Think of this issue as your subscribers see it: Cutting off users from the Android wallet, because you plan to offer a payment mechanism of your own is no different than a phone service blocking calls to Bank of America because they are tied in with Citibank. If that metaphor doesn’t cut it, how about a simple truth? It’s been 22 years since Judge Harold Greene deregulated the telecommunications monopoly. Your company is both legacy and chief beneficiary of that landmark decision. But success is transient to those who use market penetration to restrict choice. And this time, it won’t require anti-monopoly legislation. The market will push back hard and share recovery will be slow.

I’m taking my phone and going home!

Android is open. Get it? You have flourished recently, because you chose to embrace an open system that builds on its own popularity. You have contributed to its swift ascent, and likewise, Google and your users who like Android have contributed to your success. Why spit on your users now? What did we do to deserve this?

C’mon Verizon. Stop seizing your ball and threatening to close the ball park. We love you. Get it right for once and stop dicking with us. Our patience is wearing thin!