Beginner’s Guide to Multisig Wallet Security: What the Bybit Hack Teaches Us About Protecting Crypto Assets

If you have been following cryptocurrency news, you have probably heard about the Bybit hack—the largest crypto heist in history, with $1.5 billion stolen on February 21, 2025. But if you are new to crypto, you might be wondering: what exactly is a multisig wallet, how did it get hacked, and what does this mean for your own crypto holdings? This guide breaks down the fundamentals of multisignature wallet security in plain language, using the Bybit incident as a real-world case study.

The Basics

A multisignature wallet—often called a multisig wallet—is a type of cryptocurrency wallet that requires multiple people to approve a transaction before it can be sent. Think of it like a bank vault that needs two or three keys turned simultaneously to open. In crypto terms, instead of physical keys, you have private keys—long strings of numbers and letters that act as digital signatures. A typical multisig setup might require 3 out of 5 authorized signers to approve a transaction. This means that even if one person’s key is compromised, an attacker cannot move funds without getting at least two other signers to approve the transaction. Multisig wallets are widely used by cryptocurrency exchanges, DeFi protocols, and organizations that manage large amounts of digital assets because they distribute trust across multiple people rather than concentrating it in a single individual.

Why It Matters

The Bybit hack matters because it showed that multisig wallets, while much more secure than single-key wallets, are not invincible. The attackers—believed to be North Korea’s Lazarus Group—did not steal anyone’s private keys. Instead, they manipulated the software interface that displays transaction details to the signers. When Bybit’s authorized signers looked at their screens, they saw what appeared to be a normal, routine transfer of funds. But the underlying transaction had been secretly modified to send 499,000 ETH—worth approximately $1.5 billion—to the attackers. The signers approved what they saw on screen, not what was actually happening on the blockchain. This is like someone replacing the display on an ATM to show you are withdrawing $100 when you are actually withdrawing $100,000. By February 26, Bitcoin had fallen to $84,076 and Ethereum to $2,331 as the market absorbed the shock.

Getting Started Guide

If you are considering using a multisig wallet for your own crypto holdings, here is what you need to know. First, determine whether you actually need one. For most individual investors with moderate holdings, a well-secured hardware wallet like a Ledger or Trezor provides excellent security without the complexity of multisig. Multisig becomes valuable when you are managing funds with a group—a company treasury, a DAO, a family office, or any situation where no single person should have unilateral control. To set up a basic multisig wallet, you can use platforms like Safe (formerly Gnosis Safe) on Ethereum, or Sparrow Wallet for Bitcoin. The setup process involves generating multiple independent private keys, specifying how many approvals are required (the threshold), and configuring the signers. Each signer should use a separate device, ideally a hardware wallet, stored in different physical locations. Once configured, any transaction requires the designated number of signers to independently review and approve it.

Common Pitfalls

The biggest pitfall, as the Bybit hack demonstrated, is trusting what you see on your screen. A multisig wallet is only as secure as the software displaying the transaction details. If that software can be compromised—through a supply chain attack, malware on your computer, or a compromised developer toolchain—you might approve a malicious transaction without knowing it. Other common mistakes include storing all signer devices in the same location (if there is a fire or theft, you lose access to everything), using phones or computers that may have malware for signing transactions, and failing to have a backup plan if a signer loses access to their key. A robust multisig setup should include a recovery mechanism that does not require all original signers to be available.
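The Bybit failure mode in miniature, as an added illustration that is not part of the original article: signers approve the fields a UI displays, but the signature covers the raw payload, so the only reliable defence is to re-derive the digest from the displayed fields on an independent device and compare it with what the signing device is about to sign. The model also shows that in a k-of-n wallet this check has to be the practice of at least n - k + 1 signers, otherwise the rubber-stampers alone reach the threshold. The addresses are constructed placeholders, and SHA-256 over canonical JSON stands in for a real wallet's transaction hash (an assumption for illustration; Safe uses keccak256 with EIP-712 encoding).

```python
"""Toy model of display spoofing against a threshold wallet.

Hashing is SHA-256 over canonical JSON as a stand-in for the wallet's real
transaction hash (assumption for illustration only)."""
import hashlib
import json
from dataclasses import asdict, dataclass


@dataclass(frozen=True)
class TxFields:
    to: str         # destination address as shown to the signer
    value_wei: int  # amount in wei
    data: str       # hex-encoded calldata
    nonce: int


def tx_digest(tx: TxFields) -> bytes:
    """Canonical digest: sorted keys, no whitespace, so every signer derives
    identical bytes from identical fields."""
    canonical = json.dumps(asdict(tx), sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).digest()


def independent_check(displayed: TxFields, digest_to_sign: bytes) -> bool:
    """Re-derive the digest from the human-readable fields and compare it with
    the digest the signing device is actually being asked to sign."""
    return tx_digest(displayed) == digest_to_sign


def run_signing_round(displayed: TxFields, actual: TxFields,
                      signers: dict, threshold: int):
    """signers maps name -> True if that signer verifies independently.
    Display-trusting signers always approve; verifying signers approve only
    when the displayed fields reproduce the payload digest.
    Returns (approving signers, whether the threshold was reached)."""
    digest_to_sign = tx_digest(actual)
    approvals = [name for name, verifies in signers.items()
                 if not verifies or independent_check(displayed, digest_to_sign)]
    return approvals, len(approvals) >= threshold


# Constructed sample: the UI shows a routine transfer to the cold wallet,
# while the payload presented for signing routes the same amount elsewhere.
DISPLAYED = TxFields(to="0xCOLD_WALLET_PLACEHOLDER", value_wei=10**18, data="0x", nonce=42)
ACTUAL = TxFields(to="0xATTACKER_PLACEHOLDER", value_wei=10**18, data="0x", nonce=42)

if __name__ == "__main__":
    # 2-of-3: one verifying signer is not enough, the other two reach the threshold.
    print(run_signing_round(DISPLAYED, ACTUAL, {"a": True, "b": False, "c": False}, 2))
    # 2-of-3: two verifying signers (n - k + 1) leave only one approval, so it fails.
    print(run_signing_round(DISPLAYED, ACTUAL, {"a": True, "b": True, "c": False}, 2))
```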

Next Steps

Now that you understand the basics of multisig wallet security, the next step is to evaluate your own setup. If you are using a single-key wallet for significant holdings, consider upgrading to a hardware wallet at minimum. If you are part of an organization managing crypto assets, implement multisig with separate hardware devices and independent verification. Stay informed about security developments—this is a rapidly evolving field, and the tools and best practices of today may need updating tomorrow. The crypto industry is building the financial infrastructure of the future, but that future must be built on security practices that match the value at stake.

Disclaimer: This article is for educational purposes only and does not constitute financial or security advice. Always conduct your own research before making decisions about your cryptocurrency holdings.

8 thoughts on “Beginner’s Guide to Multisig Wallet Security: What the Bybit Hack Teaches Us About Protecting Crypto Assets”

  1. Finally someone explaining multisig in plain language instead of assuming everyone is a dev. The vault with multiple keys analogy is spot on.

    1. agreed, most multisig guides assume you can code. the vault analogy works well. one thing I'd add: test your multisig setup with small amounts first, don't go straight to moving your whole stack

  2. Should also mention that even with multisig, if your signing device is compromised you still lose. Hardware wallets are non-negotiable for multisig signers.

    1. the 3-of-5 setup is solid for teams but overkill for individuals. 2-of-3 with one key in a bank vault is probably the sweet spot for personal holdings

      1. solmaxi_77 2-of-3 with one key at a bank vault is underrated. airgapped laptop for signing, bank vault for the backup seed, phone for the third key. simple enough for individuals

    2. Wei Zhang the signing device point is critical. bybit had multisig and it didn't matter because the UI was compromised. hardware wallets are necessary but not sufficient

      1. this is the part that scares me. you can have perfect key management and still get wrecked if the interface you use to sign shows you a fake transaction. the attack surface is way bigger than most people think

    3. hardware wallet + multisig still fails if you verify a malicious transaction on a compromised screen. the whole chain of trust matters, not just the wallet device
