How Secure is Multisig?
The internet is continuously changing our lives. It has unlocked the power of knowledge and information, allowing us to share our ideas freely. The internet has also unlocked digital ownership, transforming our current economy. People today hold different types of digital ownership; from crypto currencies and stocks, digital rights, and art. The magnitude of digital ownership will only increment with time, and soon protecting digital data will be about protecting people’s identities. But how do you protect digital ownership in the internet? In this article we will discuss multi-signature wallets, what they are, and how they work. Most importantly, why implementing multisig technology is essential to maximize security in the crypto space.
Today, many individuals hold digital assets that are more valuable than physical assets! Crypto investors can spend millions of dollars in rare NFTs, land in the metaverse, and valuable digital avatars. Crypto is transforming the way people think about wealth and ownership, making fractionalized ownership and smart contract driven technology the de-facto form of our economy.
As digital ownership grows, protecting keys that have access to funds become a priority. Multi-Signature wallets allow entities to secure data through a process of smart contracts. A multisig wallet also enables an individual or a group of individuals to store, manage, and exchange funds when a specific number of signatures are collected. This is extremely useful for exchanges, crypto currency projects, and companies holding substantial amounts of money.
Why Multisig?
Crypto projects are not obligated to have a multisigs, however, having one builds trust and credibility. Let us go back in history to Quadriga, an exchange founded in 2013 by Gerald Cotton, who despite his dishonest past of running schemes, he was able to grow the exchange to a multimillion-dollar business. As the founder, and main person behind operations in the exchange, he was the only person that had access to the encrypted keys for the exchange’s cold wallet. When the bear market hit in 2018, the exchange did not have the needed liquidity to return funds to investors trying to withdraw their money. At the beginning of 2019, the exchange closed its doors due to the sudden death of Gerald, the only owner to the encrypted keys to the exchange’s funds. Over a $115M in crypto currency were lost, leaving investors out of luck. Quadriga became a teaching moment for the crypto community and emphasized the need of multi-signature wallets.
Multisig for teams
Multisig wallets are helpful to any decentralized crypto project that wants to decrease the risks of unauthorized transactions and rug pulls. Large amounts of funds could tempt anyone, but the beauty of multi-signature is that a predefined number of signatures is needed to confirm transactions. For example, let’s say a group of developers wants to move funds from the smart contract. There would have to be a consensus among them in order for that transaction to happen. That means that if an individual developer decides to act in a malicious manner, he or she will not be able to affect the smart contract unless the majority of the team agrees on it. This ensures a high-level of protection while facilitating advanced transaction capabilities.
Multisig for individuals
For individual entities looking to protect their crypto, multisig wallets allow individuals to disperse keys and backups to reduce the chance losing coins. Multisg can make people creative when it comes to how they want to store their funds, and who they chose to share their wealth with. If they choose to, they can give keys to family members, lawyers, or trusted individuals. Having multiple keys does not only make them more secure, but it also ensures that in case of death or physical harm funds are not lost forever.
Multisig Vulnerabilities
Multisig wallets are an early precursor to more modern governance models that exist today. It is worth adding that many projects today do not longer use multisig wallets, and instead use a more advanced governance models like DAOs that have complex community voting and proposals. However, for people looking to adopt multisig wallets in their business or organization is important to understand the following:
As discussed in past articles, anything that is built on smart contracts can face serious vulnerabilities. In 2017 Parity, the Ethereum multisig wallet, experienced their first hack after the development team notified their users that the latest version of their wallet had a serious vulnerability. That day a hacker used the bug vulnerability to drain the Parity wallets of three Ethereum projects, stealing a combined amount of 153,037 ETH. Although the funds were not recovered, the vulnerability was later solved.
Another issue with mutisig wallets is their governance model. Some believe that placing trust in few accounts has a level of centralization, and that it can be risky if key holders lose access to their account. It has happened in the past where developers with multisig access get locked out of their account and are unable to log in. In those cases, it is nearly impossible to do anything, especially if their vote is needed to make any decisions.
Multi signature wallets can be great tools for anyone in the crypto space that is looking to add an extra layer of security to their funds, however it should never be seen as the only form of security, as there are still many risks in crypto outside of storage. At Valid Network, we empower crypto investors do their own research before investing in any crypto assets, and to take into consideration the security and vulnerabilities of crypto projects. A great tool to find out an asset’s security and reliability is Valid Data, the only platform that scans thousands of assets in the Ethereum network and Binance Smart Chain and breaks down the risks and opportunities of crypto assets.
