Multi-Signatures in Bitcoin: How It Works, How to Protect Funds, How It Works, and How Leaking Private Keys Increases Fraud Risks

BY KEYHUNTER 19.07.2025

In this research paper, we will explore in detail how multisig works in the Bitcoin ecosystem. While multisig mechanisms used in other cryptocurrencies may differ depending on the transaction model, the focus here is on the Bitcoin protocol. We will provide a clear definition of multisig, illustrate its structure with an example transaction, analyze practical use cases and security measures, and also consider the innovative P2SH mechanism and the detailed process of making a payment to a multisig address. This work will be a valuable resource for professionals working with digital currencies.

The concept of a multi-signature address in Bitcoin

A multisignature address (multisig) in Bitcoin is a special address associated with multiple ECDSA key pairs, each of which includes a private and a public key. There are different schemes that determine which keys and how many must be used to authorize spending from such an address. Thus, a transaction to a multisig address requires multiple signatures, which increases the security of the funds management.

Structure and example of a multi-signature transaction

In simplified form, a multisig address is formed by hashing the concatenation of several public keys. A transaction spending funds from such an address contains several inputs and outputs. For each input, a reference to the previous transaction and the corresponding evidence is specified:

  • For login with a regular address, scriptSig contains the public key and digital signature.
  • To log in with a multisig address, scriptSig includes multiple public keys and signatures, all of which are verified against the specific keys associated with the address.

This mechanism verifies the ownership of coins through multiple signatures.

Variations of multi-signature schemes

Among the most common multi-signature schemes are:

SchemeDescription
2 of 2Two signatures from two keys are required
2 of 3Any two signatures from three keys are sufficient
3 of 3All three signatures are required.
Maximum – 15 out of 15 signatures

Example 2 of 2 is widely used in joint budgeting scenarios, such as between a married couple, where consent from both parties is required for spending.

Practical use of multi-signatures

Scheme 2 of 2 — joint budget management
A couple creates a multisig address with two keys belonging to the husband and wife. Spending funds is possible only with the signature of both parties, which ensures collective control. In a critical situation, for example, if one of the parties loses access to the key, deferred transactions with the LockTime parameter are used, allowing funds to be transferred after a while to addresses controlled by each of the parties individually. These special transactions can be saved offline to protect against loss of access.

Scheme 2 of 3 — joint management of a group or service
Three participants have keys, but signatures of two of them are enough to spend funds. This mechanism is preferable for group wallets and wallet services, where one key belongs to the service and two to the user. If necessary, the user creates a transaction and signs it with his signature, after which the service adds its signature after authenticating the user through an additional channel (for example, SMS or call). If the service is not available, the user can use the third key for autonomous access to funds.

Benefits of multisig wallets and security measures

Multi-signature significantly reduces the risk of theft of funds due to phishing or hacking of one key, providing access control by several parties. In the case of the 2 of 2 scheme, it is recommended to create backup, deferred transactions with LockTime to protect against key loss. For 2 of 3, it is important to securely store all keys and promptly respond to the loss of at least one to prevent blocking of funds.

How Bitcoin Script and Multi-Signatures Work

Bitcoin Script is a stack programming language based on the concatenation of locking script and unlocking script. Signature verification occurs according to the following scenario:

  1. The unlocking script contains the signature and public key, which are pushed onto the stack.
  2. The locking script contains a hash of the public key, which is calculated and pushed onto the stack.
  3. Operations of comparing hash values and verifying digital signatures are performed to confirm the right to spend funds.
  4. If the conditions are met, the transaction is considered valid.

For multisig transactions, special operations are used to check the presence of the required number of signatures from the corresponding keys.

Pay to Script Hash (P2SH) concept

In January 2012, BIP16 was introduced, a P2SH mechanism that allows paying on a hash of a script rather than the full script. This significantly reduces the size of transaction outputs and simplifies the creation of complex spending conditions, including multisig.

When spending funds, the user provides a complete Redeem Script with public keys and the required number of signatures, proving knowledge of the conditions and the right to spend.

How P2SH Works in Practice

  • Redeem Script contains multisig parameters, for example “2 of 5” keys.
  • The Locking Script of the transaction contains the hash of the Redeem Script.
  • The Unlocking Script of the transaction contains signatures and the full Redeem Script.
  • When checking, the Redeem Script hash from the unlocking script must match the hash in the locking script, after which the signatures are checked.

The maximum script size is limited to approximately 520 bytes, which corresponds to the maximum size for a 15 out of 15 multisig.

Advantages of P2SH

  • Addresses are formed in the familiar Base58 format, starting with “3”, making it easy to use.
  • Allows you to hide the complexity of spending conditions until the moment the funds are spent.
  • Passing on the commission costs to the recipient as the transaction size when spending with multisig is large.
  • Support for various multi-signature schemes (2 of 2, 2 of 3, etc.).

Model of interaction when using multisig addresses

For example, if Bob generates a multisig address, he will sort the public keys into a specific order (usually alphabetical in Base58), generate a Redeem Script, and give the hash of the address to Alice. Alice will send funds to this address, but will not see the public keys or the terms of the spend. When Bob wants to make a transaction, he will provide the signatures and the full Redeem Script, after which the transaction will be confirmed and propagated to the network.

Answers to frequently asked questions

  • Can I run the same wallet on multiple computers? Yes, if I’m talking about storing the same private keys on different nodes (e.g. full or SPV). Balance and transactions are synchronized across all instances via the Bitcoin network.
  • How does P2SH integrate with Segregated Witness (SegWit)? SegWit moves proof of coin ownership out of the base block, improving efficiency and privacy. P2SH addresses can be used in conjunction with SegWit, allowing funds to be sent to P2SH Witness addresses.
  • Why can’t you personalize your wallet by linking it to your identity? Bitcoin is designed for anonymity. Linking addresses to identities violates privacy, and the protocol’s cryptography is based on mathematical proof of key ownership, not facial identification.
  • Can you trust digital currencies without mining? Such currencies, such as Ripple or Cardano, use different models of emission and transaction verification, often partially centralized. Trust in them is subjective and depends on the purpose of use and understanding of risks.

This review will systematize the key aspects of how multisig works in Bitcoin, revealing technical nuances and practical examples, which will allow specialists to more deeply understand and apply this technology in cryptanalysis and digital asset security.

The main risks of fraud when using multi-signatures are associated with several key scenarios:

  • Fake investment projects with shared multi-signature wallets , where a fraudster can block or steal funds by having access to some of the keys and preventing other participants from spending funds 1 .
  • Social engineering , in which attackers convince a user to hand over one of their private keys under the guise of help, technical support, or a trusted person 3 .
  • Vulnerabilities in smart contracts implementing multi-signature allow hackers to bypass the multiple signature mechanism and gain full control over funds 4 .
  • Fake partners or “friends” who, after creating a multi-signature wallet, gain the ability to block or withdraw assets to the detriment of other co-owners 1 .
  • Leakage of private keys and seed phrases , when a user unwittingly reveals data to scammers, depriving himself of the opportunity to solely manage the wallet 7 .
  • Phishing and malicious links that change wallet permissions and create a multi-signature with fraudster control 7 .
  • Errors and shortcomings in the implementation of multi-signature services and wallets , where attackers, like the Bybit hackers, bypass checks and sign fraudulent transactions without the knowledge of users 4 .
  • A breach of trust between co-owners that results in loss of access to funds (e.g. death of one of the key holders or refusal to sign transactions) 6 .
  • Over-the-counter (OTC) scams where private keys can be intercepted 7 .

For protection, it is recommended to carefully store private keys and seed phrases, exclude the transfer of access to third parties, avoid suspicious applications and links, use hardware wallets, and also thoughtfully design multisig schemes with backup access mechanisms (for example, LockTime transactions) 6 .

Thus, despite the increased security of multi-signature wallets, the presence of many participants and technical difficulties creates a number of vulnerabilities that are actively exploited by fraudsters. Users need to remain vigilant and implement comprehensive security measures.

Leaked private keys significantly increase the risk of fraud in the cryptocurrency ecosystem for several reasons:

  • Direct access to funds . The private key is effectively the “password” to the wallet. If an attacker obtains it, they gain full control over all funds at the corresponding address and can freely transfer cryptocurrency without the owner’s knowledge 1 .
  • Laundering stolen funds : Once stolen, compromised funds are often routed through decentralized exchanges (DEXs), mixers, and mining services to hide their tracks and make it harder to track the scammers 1 .
  • Malware distribution and phishing . Attackers actively use malicious applications, phishing sites and social engineering to deceive users into giving away private keys, seed phrases or key storage files 4 .
  • User errors and human factors are among the most common causes of leaks. Sometimes keys are accidentally published in open repositories, sent over unsecured channels, or stored in untrusted locations, making them easy to compromise 2 .
  • Using wallets with a weak key generation algorithm . If private keys are not generated randomly or predictably, hackers can figure them out and steal assets 6 .
  • Threats in multi-signature schemes . In multi-signature wallets, the compromise of at least some of the private keys (for example, one of two or three) can lead to unauthorized execution of transactions or blocking of funds 1 .
  • Reputational and financial losses . For organizations, key leaks mean not only the loss of assets, but also the undermining of customer and investor trust, which negatively affects business and the market 2 .
  • Unwise storage of keys . Using text files, instant messaging, open notes or unsafe cloud storage increases the likelihood of compromise 3 .

Ultimately, leaked private keys turn a secure crypto wallet into a source of vulnerability, allowing criminals to quickly and irrevocably withdraw digital assets. Protecting keys, using hardware wallets, reliable backups, and being vigilant when working with suspicious links and applications are the main measures to reduce the risk of fraud associated with the compromise of private keys 5 .

Attackers use fake multi-signature wallets for several reasons, allowing them to deceive victims and gain control over their funds:

  • Creating a shared wallet for “joint investment” where the fraudster initiates a multi-signature wallet with the victim and a third party. He controls some of the keys and can block or steal funds by taking advantage of the fact that the other participants cannot agree on spending without his signature 1 .
  • Social engineering and trust fraud . Fraudsters pose as technical support, friends or business partners and convince the victim to hand over one of the private keys or even add them to the list of multi-signature signatories. In this way, the category of victims voluntarily provides fraudsters with access to managing funds 3 .
  • Injecting vulnerabilities into multi-signature smart contracts . In the case of multi-signature smart contracts, attackers exploit errors in the code that allow them to bypass the requirement for multiple signatures and gain full control 1 .
  • Fake apps and fake wallets with the visual identity of official programs, where victims enter seed phrases or private keys, not even suspecting that they are instructing scammers on how to access funds 7 .
  • Manipulation of OTC and off-exchange trades , where private keys or permissions can be intercepted or added by fraudsters to create a joint multi-signature, preventing the user from managing assets without the consent of the attacker 3 .
  • Deception of novice scammers – on some sites, traps are created – multi-signature wallets, into which inexperienced attackers transfer stolen funds, after which they are automatically transferred to the scammers, which demonstrates the complexity and risks of multi-signatures even for attackers 5 .

Thus, fake multi-signature wallets serve as a tool to create the illusion of security and shared control, while fraudsters actually gain hidden access, block funds, or appropriate them. It is important for users to be vigilant – do not follow suspicious links, do not enter private keys in unverified applications, and be careful about offers to jointly manage crypto assets, especially using multi-signature.

Providing scammers with partial access to your wallet , especially with a multi-signature wallet, carries serious risks and is widely used by attackers as a key method of deception. Here’s why it’s dangerous:

  • Access manipulation and blocking of funds
    Fraudsters, having obtained part of the keys, can block the spending of funds or demand additional transfers from the victim to “pay commissions”, creating the illusion of joint control, but in fact managing resources and delaying withdrawal 4 .
  • Trust fraud and social engineering
    A victim deceived by a fraudster voluntarily provides a key or agrees to participate in a multi-signature scheme, which allows the attacker to execute transactions without the full consent of all participants 1 .
  • Exploiting multi-signature features to steal or hold cryptocurrency
    Partial access creates the ability to sign transactions maliciously, or create conditions in which funds effectively become “stuck” due to the lack of necessary signatures from bona fide owners 4 .
  • Stealing sensitive data and expanding control
    Providing partial access may result in the leakage of private keys, seed phrases, or other sensitive information, allowing attackers to gain complete control over the wallet or associated infrastructure 8 .
  • Activation of social engineering schemes
    Once access is gained, fraudsters continue to convince the victim to provide additional data and make transfers using false excuses (“payment of fees”, “security check”), which leads to further losses 6 .
  • Unreversible transactions and high withdrawal speed
    Unlike bank transfers, crypto transactions are irreversible, so once access is gained, a fraudster can quickly withdraw funds, which significantly reduces the chances of recovering money 8 .
  • Risks of Associated Fraud
    Partial access to wallets is often combined with other types of fraud (phishing, malware), making it difficult to identify and save funds 8 .

Therefore, it is extremely important to never provide access to keys or parts of keys to third parties , not to trust unverified services, and to keep private information secret. Being vigilant and using hardware wallets, two-factor authentication, and reliable backup systems will help minimize the risks of fraud associated with multi-signatures and partial access.

  1. https://academy.binance.com/ru/articles/what-are-multisig-scams-and-how-to-avoid-them
  2. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9C%D0%BE%D1%88%D0%B5%D0%BD%D0%BD%D0%B8%D1%87%D0%B5%D1%81%D1%82%D0%B2%D0%BE_%D1%81_%D0%B1% D0%B0%D0%BD%D0%BA%D0%BE%D0%B2%D1%81%D0%BA%D0%B8%D0%BC%D0%B8_%D0%BA%D0%B0%D1%80%D1% 82%D0%B0%D0%BC%D0%B8_%D0%B8_%D0%BF%D0%BB%D0%B0%D1%82%D0%B5%D0%B6%D0%B0%D0%BC%D0%B8
  3. https://cryptocloud.plus/blog/vidy-p2p-skama
  4. https://www.binance.com/ru/square/post/16709688109065
  5. https://iz.ru/1852436/natala-ilina-evgenii-gracev-anna-kaledina/ne-dat-vzat-mosenniki-ispolzuut-samozapret-na-kredity-dla-obmana
  6. https://bits.media/obratnoe-moshennichestvo-s-predostavleniem-klyuchey-kak-ne-stat-zhertvoy-zloumyshlennikov/
  7. https://alfabank.ru/help/articles/debit-cards/komu-mozhno-soobschat-nomer-bankovskoy-karty/
  8. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9C%D0%BE%D1%88%D0%B5%D0%BD%D0%BD%D0%B8%D1%87%D0%B5%D1%81%D1%82%D0%B2%D0%BE_%D1%81_%D0%BA%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B2%D0%B0%D0%BB%D1%8E%D1%82%D0%BE%D0%B9
  9. https://www.ankb.ru/ob-otvetsvennosti-za-uchastie-v-dropperstve/
  10. https://fincult.info/article/kto-takie-droppery-ili-kak-ne-stat-souchastnikom-prestupleniya/
  1. https://quickex.io/ru/blog/guide/multisig-scams
  2. https://www.gate.com/ru/learn/articles/beginners-guide-to-web3-security-risk-of-wallet-being-maliciously-multi-signed/4103
  3. https://www.gate.com/ru/learn/articles/what-are-multisig-scams-and-how-can-users-protect-themselves/8068
  4. https://academy.binance.com/ru/articles/what-are-multisig-scams-and-how-to-avoid-them
  5. https://www.kucoin.com/ru/learn/crypto/top-crypto-scams-in-a-crypto-bull-market-and-protect-your-assets
  6. https://b24.am/ru/crypto/95087.html
  7. https://www.anti-malware.ru/analytics/Technology_Analysis/How-to-protect-digital-assets-from-fraud
  8. https://www.binance.com/ru/square/post/17457874374842
  9. https://dtf.ru/2165632-opasnye-trendy-kak-imenno-kradut-dengi-s-kriptokoshelkov
  10. https://amlcrypto.io/ru/blog/multi_signature_wallet_what_is_it_and_how_does_it_work
  1. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9C%D0%BE%D1%88%D0%B5%D0%BD%D0%BD%D0%B8%D1%87%D0%B5%D1%81%D1%82%D0%B2%D0%BE_%D1%81_%D0%BA%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B2%D0%B0%D0%BB%D1%8E%D1%82%D0%BE%D0%B9
  2. https://xygeni.io/ru/blog/all-you-need-to-know-about-secret-leakage/
  3. https://www.gate.com/ru/learn/articles/blockchain-inscription-fraud-schemes-and-how-to-prevent-them/3092
  4. https://www.kaspersky.ru/resource-center/definitions/cryptocurrency-scams
  5. https://amlcrypto.io/ru/blog/how_to_backup_your_crypto_wallet_private_keys
  6. https://bits.media/novyy-vid-scam-raskryvaemye-zakrytye-klyuchi/
  7. https://searchinform.ru/analitika-v-oblasti-ib/utechki-informatsii/sposoby-predotvrascheniya-utechki-informatsii/protivodejstvie-utechkam-informacii/
  8. https://ank-pki.ru/infrastruktura-otkrytyh-kljuchej-pki/ispolzovanie-infrastruktury-otkrytyh-kljuchej-dlja-zashhity-ipotechnyh-dannyh/
  9. https://www.rbc.ru/crypto/news/62989b5b9a7947a803e431f9
  10. https://opennet.ru/59092/
  1. https://quickex.io/ru/blog/guide/multisig-scams
  2. https://www.binance.com/ru/square/post/15515755168098
  3. https://academy.binance.com/ru/articles/what-are-multisig-scams-and-how-to-avoid-them
  4. https://www.gate.com/ru/learn/articles/what-are-multisig-scams-and-how-can-users-protect-themselves/8068
  5. https://web3.okx.com/ru/learn/tron-wallet-multisignature-scams
  6. https://zonebitcoin.co/ru/%D1%87%D1%82%D0%BE-%D1%82%D0%B0%D0%BA%D0%BE%D0%B5-%D0%BA%D0%BE%D1%88%D0%B5%D0%BB%D0%B5%D0%BA-%D1%81-%D0%BC%D1%83%D0%BB%D1%8C%D1%82%D0%B8%D0%BF%D0%BE%D0%B4%D0%BF%D0%B8%D1%81%D1%8C%D1%8E/
  7. https://www.gate.com/ru/learn/articles/beginners-guide-to-web3-security-risk-of-wallet-being-maliciously-multi-signed/4103
  8. https://amlcrypto.io/ru/blog/multi_signature_wallet_what_is_it_and_how_does_it_work
  9. https://www.block-chain24.com/faq/chto-takoe-multipodpisnoy-koshelek-i-kak-on-rabotaet
  10. https://learn.bybit.com/en/blockchain/what-is-multisig-wallet
  1. https://habr.com/ru/companies/distributedlab/articles/415757/
  2. https://habr.com/ru/articles/600113/comments/
  3. https://www.bitget.com/ru/glossary/multisignature
  4. https://osintmonster.com/tg-stat/index/?sort=-name&page=46&per-page=300
  5. https://amlcrypto.io/ru/blog/multi_signature_wallet_what_is_it_and_how_does_it_work
  6. http://sch56-ngo.ru/main/content/safety/06_%D0%98%D0%BD%D1%84%D0%BE%D1%80%D0%BC%D0%B0%D1%86%D0%B8%D0%BE%D0%BD%D0%BD%D0%B0%D1%8F%20%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8C/%D0%A1.%20%D0%9C%D0%B0%D0%BA%D0%B0%D1% 80%D0%BE%D0%B2%20%D0%9F%D1%80%D0%B5%D0%BA%D1%80%D0%B0%D1%81% D0%BD%D1%8B%D0%B9,%20%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D1%8B%D0% B9,%20%D0%BA%D0%B8%D0%B1%D0%B5%D1%80%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D1%8B%D0%B9%20%D0%BC%D0%B8%D1%80.pdf
  7. https://support.bitcoin.com/ru/articles/5713038-%D1%87%D1%82%D0%BE-%D1%82%D0%B0%D0%BA%D0%BE%D0%B5-%D0%BA%D0%BE%D1%88%D0%B5%D0%BB%D1%91%D0%BA-%D1%81-%D0%BE%D0%B1%D1%89%D0%B8%D0%BC%D0%B8-%D0%BC%D1%83%D0%BB%D1%8C%D1%82%D0%B8-%D0%BF%D0%BE%D0%B4%D0%BF%D0%B8%D1%81%D1%8F%D0%BC%D0%B8
  8. https://news.scienceland.ru/wp-content/uploads/2019/08/%D0%91%D0%BE%D1%81%D0%BE%D0%B2%D0%B0-%D0%9F%D0%B0%D0%B2%D0%BB%D0%BE%D0%B2_%D0%90%D0%BA%D1%82%D1%83%D0%B0%D0%BB%D1%8C%D0%BD%D1%8B%D0%B5-%D0%BF%D1%80%D0%BE%D0%B1%D0%BB%D0%B5% D0%BC%D1%8B-%D0%BC%D0%B5%D1%82%D0%BE%D0%B4%D0%B8%D0%BA%D0%B8-%D0%BE%D0%B1%D1%83%D1%87%D0%B5%D0%BD%D0%B8%D1%8F-2019 -%D0%AD%D0%BB%D0%B5%D0%BA%D1%82%D1%80%D0%BE%D0%BD%D0%BD%D0%BE%D0%B5-%D0%B8%D0%B7%D0%B4%D0%B0%D0%BD%D0%B8%D0%B5.pdf
  9. https://ru.wikipedia.org/wiki/%D0%9C%D1%83%D0%BB%D1%8C%D1%82%D0%B8%D0%BF%D0%BE%D0%B4%D0%BF%D0%B8%D1%81%D1%8C
  10. https://habr.com/ru/articles/417161/comments/