Air-gapped Bitcoin hardware wallets like Coldcard, Keystone 3 Pro, and Foundation Passport sign transactions via QR codes only — private keys never touch a connected device. This guide explains how they work and when to use one.
Single-signature cold storage is good. Multisig cold storage is better — dramatically better for anyone protecting significant Bitcoin holdings. With multisig, no single device failure, theft, or loss can compromise your funds. Multiple keys must be compromised simultaneously.
This guide walks through setting up a 2-of-3 multisig cold storage arrangement — the most popular configuration — using hardware wallets and free software.
Why Multisig?
Single-sig cold storage has one critical vulnerability: a single point of failure. If someone finds your seed phrase, they have your Bitcoin. If you lose your hardware wallet and forget where you stored the backup, you may lose access.
Multisig requires M-of-N keys to authorize a transaction. In a 2-of-3 setup:
- You hold 3 separate keys
- Any 2 of them can authorize a transaction
- Losing 1 key: funds still accessible with the other 2
- Thief steals 1 key: cannot access funds alone
This architecture allows you to distribute keys geographically — one at home, one at work, one in a safe deposit box — so no single location compromise can steal your Bitcoin.
Choosing Your Multisig Configuration
2-of-3: The Standard
The most practical setup for individuals. One key can be lost or unavailable without losing access. Two keys must be compromised to steal funds.
3-of-5: For High Net Worth or Organizations
More redundancy against loss; higher threshold makes theft harder. More complex to manage. Appropriate for very large holdings or multi-person organizations.
1-of-2: Emergency Access
Useful for some inheritance situations — single key sufficient to spend. Not a security improvement over single-sig (one key stolen = funds stolen), but useful for redundancy.
What You Need
For a 2-of-3 multisig setup:
- 3 hardware wallets (can be different brands — diversity reduces supply chain attack risk)
- Sparrow Wallet (free, open-source, excellent multisig support)
- Metal seed backup for each wallet's seed phrase (3 total)
- Secure storage locations (home safe, safety deposit box, trusted location)
Recommended hardware wallet combination for diversity:
- Coldcard Mk4 (most Bitcoin-focused, most secure)
- Foundation Passport (open source hardware)
- Trezor Safe 5 or Ledger Flex (established manufacturer, different supply chain)
Step 1: Generate Three Independent Seed Phrases
Set up each hardware wallet independently:
- Unbox and power on each device
- Follow the device's new wallet setup process
- Generate a new wallet (do not import an existing seed)
- Write down the 24-word seed phrase on paper, then transfer to metal backup
- Set a PIN for each device
- Verify recovery by re-entering the seed phrase when prompted
Critical: Generate each wallet independently. Do not generate one seed and import it to multiple devices — that defeats the purpose of multisig.
Store seed phrase backups separately from devices and from each other.
Step 2: Set Up Sparrow Wallet
- Download Sparrow from sparrowwallet.com
- Verify the download signature (instructions on the website)
- Install and open Sparrow
- For maximum privacy, connect Sparrow to your own Bitcoin node
Step 3: Create the Multisig Wallet in Sparrow
- In Sparrow: File → New Wallet
- Name the wallet (e.g., "Cold Storage Multisig")
- Policy Type: Multi Signature
- Set M = 2 (signatures required), N = 3 (total signers)
- Script Type: Native Segwit (P2WSH) — the recommended modern standard
Step 4: Import Extended Public Keys (Xpubs)
For each of the 3 hardware wallets:
- For Coldcard: Export xpub via Settings → Multisig → Export xpub
- For Foundation Passport: Settings → Bitcoin → Multisig → Export xpub
- For Trezor: Connect to Sparrow; Sparrow imports xpub automatically via USB or QR
In Sparrow:
- Click the keystore tab for each signer
- Import the xpub from each hardware wallet
- Label each keystore clearly (e.g., "Coldcard - Home Safe", "Passport - Safety Deposit Box")
Step 5: Verify the Wallet Setup
After importing all 3 xpubs, Sparrow generates the multisig wallet:
- Click Apply to create the wallet
- Sparrow shows your receive addresses — verify one on each hardware wallet
- Each hardware wallet should display the same multisig receive addresses (confirming they share the same wallet descriptor)
Verify the receive address on at least 2 hardware wallets before receiving any Bitcoin. This confirms the wallet was set up correctly.
Step 6: Export and Backup the Wallet Descriptor
The wallet descriptor is the "map" that defines your multisig setup — which keys, in which configuration. This is required to recover your multisig wallet.
In Sparrow: File → Export Wallet → Save as JSON
Store the wallet descriptor file in multiple secure locations alongside (but separate from) your seed phrase backups.
Without the wallet descriptor, your seed phrases alone may not be sufficient to recover your multisig wallet. Standard seed phrase recovery only works for single-sig wallets — multisig requires all three xpubs and the configuration to reconstruct the wallet.
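A sanity check for the descriptor backup described above, as an added example that is not part of Sparrow or of the original guide. It assumes the backup contains an output descriptor of the form wsh(sortedmulti(M,[fingerprint/path]xpub...,...)); the keys below are constructed placeholders, not real xpubs.

```python
import re

# Assumed format: wsh(multi|sortedmulti(M,[fingerprint/path]xpub.../...,...)) with optional #checksum
POLICY_RE = re.compile(r"^wsh\((?:sorted)?multi\((\d+),(.+)\)\)(?:#[0-9a-z]{8})?$")
KEY_RE = re.compile(r"^\[([0-9a-fA-F]{8})((?:/\d+['h]?)+)\](xpub[1-9A-HJ-NP-Za-km-z]+)(/.*)?$")

def check_descriptor(descriptor, m=2, n=3):
    """Return a list of problems; an empty list means the backup matches the M-of-N P2WSH policy."""
    policy = POLICY_RE.match(descriptor.strip())
    if not policy:
        return ["not a wsh(multi/sortedmulti) descriptor (Native Segwit P2WSH multisig expected)"]
    problems = []
    threshold, key_exprs = int(policy.group(1)), policy.group(2).split(",")
    if threshold != m:
        problems.append(f"threshold is {threshold}, expected {m}")
    if len(key_exprs) != n:
        problems.append(f"{len(key_exprs)} keys present, expected {n}")
    fingerprints, xpubs = [], []
    for expr in key_exprs:
        key = KEY_RE.match(expr)
        if not key:
            problems.append(f"key lacks origin info or is not an xpub: {expr[:24]}")
            continue
        fingerprints.append(key.group(1).lower())
        xpubs.append(key.group(3))
    # The same seed loaded on two devices shows up as a repeated fingerprint or xpub.
    if len(set(fingerprints)) != len(fingerprints):
        problems.append("duplicate master fingerprint: two keystores appear to share a seed")
    if len(set(xpubs)) != len(xpubs):
        problems.append("duplicate xpub: the same key is listed more than once")
    return problems

def demo_key(fingerprint, char):
    """Constructed placeholder key expression (not a valid xpub)."""
    return f"[{fingerprint}/48h/0h/0h/2h]xpub{char * 20}/<0;1>/*"

KEYS = [demo_key("a1b2c3d4", "A"), demo_key("0f0e0d0c", "B"), demo_key("deadbeef", "C")]
GOOD = "wsh(sortedmulti(2," + ",".join(KEYS) + "))"
CLONED = "wsh(sortedmulti(2," + ",".join([KEYS[0], KEYS[0], KEYS[2]]) + "))"

if __name__ == "__main__":
    print(check_descriptor(GOOD))
    print(check_descriptor(CLONED))
```

The check is structural only: it does not validate the descriptor checksum or the xpub encoding, so address verification on the hardware wallets remains the authoritative test.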
Step 7: Receive Bitcoin
With the wallet set up and verified:
- Click Receive in Sparrow
- Sparrow generates a receive address
- Verify the address on a hardware wallet before use
- Send Bitcoin to this address
You can verify receive addresses on any of the 3 hardware wallets — all three display the same addresses.
Step 8: Signing Transactions
To send Bitcoin from your 2-of-3 multisig:
- In Sparrow: Send → Enter destination address and amount
- Sparrow creates a Partially Signed Bitcoin Transaction (PSBT)
- Connect/scan first hardware wallet → sign the PSBT
- Connect/scan second hardware wallet → sign the same PSBT
- PSBT now has 2 of 2 required signatures → broadcast in Sparrow
For air-gapped wallets (Coldcard, Passport), the PSBT is transferred via SD card or QR code rather than USB.
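To show what accumulates in the PSBT as it passes between signers, here is an added example (not code from Sparrow or from the original guide) that counts partial signatures per input in a version 0 PSBT (BIP 174). The sample PSBTs are constructed from dummy bytes and are not spendable transactions.

```python
import io

MAGIC = b"psbt\xff"   # BIP 174 magic bytes
PARTIAL_SIG = 0x02    # per-input key type: <0x02><pubkey> maps to that signer's signature

def read_compact_size(stream):
    first = stream.read(1)
    if not first:
        raise ValueError("truncated PSBT")
    if first[0] < 0xFD:
        return first[0]
    width = {0xFD: 2, 0xFE: 4, 0xFF: 8}[first[0]]
    return int.from_bytes(stream.read(width), "little")

def read_map(stream):
    """Read one key-value map; a zero-length key terminates it."""
    entries = []
    while (key_len := read_compact_size(stream)) != 0:
        key = stream.read(key_len)
        entries.append((key, stream.read(read_compact_size(stream))))
    return entries

def partial_sig_counts(psbt):
    """Number of distinct signer pubkeys that have attached a signature, per input."""
    stream = io.BytesIO(psbt)
    if stream.read(5) != MAGIC:
        raise ValueError("not a PSBT")
    unsigned_tx = dict(read_map(stream)).get(b"\x00")
    if unsigned_tx is None:
        raise ValueError("no global unsigned transaction (not a version 0 PSBT)")
    n_inputs = read_compact_size(io.BytesIO(unsigned_tx[4:]))  # skip 4-byte version
    return [len({k[1:] for k, _ in read_map(stream)
                 if k[0] == PARTIAL_SIG and len(k) in (34, 66)})
            for _ in range(n_inputs)]

def has_enough_signatures(psbt, m=2):
    # Counts signatures only; it does not verify them.
    return all(count >= m for count in partial_sig_counts(psbt))

# Constructed sample: one input, dummy pubkeys and all-zero 71-byte "signatures".
def kv(key, value):
    return bytes([len(key)]) + key + bytes([len(value)]) + value

TX = ((2).to_bytes(4, "little") + b"\x01" + bytes(36) + b"\x00" + b"\xff" * 4
      + b"\x01" + bytes(8) + b"\x00" + bytes(4))
SIGS = [kv(bytes([PARTIAL_SIG, 0x02]) + bytes([i]) * 32, bytes(71)) for i in (1, 2)]
ONE_SIG = MAGIC + kv(b"\x00", TX) + b"\x00" + SIGS[0] + b"\x00" + b"\x00"
TWO_SIGS = MAGIC + kv(b"\x00", TX) + b"\x00" + SIGS[0] + SIGS[1] + b"\x00" + b"\x00"
```

After the first device signs, each input carries one partial signature; after the second, two, which meets the 2-of-3 threshold.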
Frequently Asked Questions
Can I use the same brand of hardware wallet for all 3 keys?
Yes, but using different brands reduces supply chain risk — if one manufacturer has a vulnerability, your other keys are on unaffected hardware.
What happens if I lose one hardware wallet?
You still have 2 of 3 keys. You can still sign transactions and move funds. Replace the lost wallet with a new one, restore from the seed phrase backup, and regenerate that keystore in Sparrow.
Do I need all 3 hardware wallets to receive Bitcoin?
No. You only need the Sparrow wallet and the address to receive. You need 2 of 3 wallets to spend.
Is 2-of-3 multisig safe for self-custody?
Yes. 2-of-3 multisig is the gold standard for individual self-custody of large Bitcoin holdings. It is used by professional Bitcoin custodians (Unchained, Collaborative Custody) and serious individual holders worldwide.