Multisig

Most people don't need multisig right away. Get comfortable with single-sig first. When your holdings grow or you need inheritance planning, come back here.

When You Need It

• Significant holdings that justify the added complexity
• Physical security concerns — no single location can be robbed for full access
• Inheritance planning — family members can access funds cooperatively
• Eliminating single points of failure — no one device or backup loss is catastrophic

How 2-of-3 Works

Three independent keys (three COLDCARDs, each with its own seed). The wallet requires any two of the three to sign a transaction.

To receive: Any device or the coordinator wallet can generate receive addresses.

To spend: Build a PSBT in the coordinator, sign on two of three COLDCARDs, broadcast.

Setup with COLDCARD + Sparrow

What You Need

• Three COLDCARDs (recommended), or two COLDCARDs and one other PSBT-compatible hardware wallet
• Sparrow Wallet on your computer
• MicroSD cards

Step 1: Generate Three Independent Seeds

Set up each COLDCARD with its own seed, independently. Each gets its own metal backup. Don't reuse seeds from your single-sig wallet.

Step 2: Export Public Keys

On each COLDCARD: Settings > Multisig Wallets > Export XPUB. Saves the public key info to MicroSD. COLDCARD Q can also display this as a QR code.

Step 3: Create the Wallet in Sparrow

In Sparrow: File > New Wallet. Select "Multi Signature." Set policy to 2-of-3, script type to Native SegWit (P2WSH).

Import each COLDCARD's public key into the three keystore tabs. Click Apply.

Step 4: Register on Each COLDCARD

Export the wallet configuration from Sparrow to MicroSD. Import on each COLDCARD via Settings > Multisig Wallets > Import from File. This lets each device verify transactions match the expected wallet.

Step 5: Verify Addresses

Generate the first few receive addresses in Sparrow and confirm they match on each COLDCARD. If they match, the setup is correct.

The Wallet Descriptor

A wallet descriptor is a standardized string containing everything needed to reconstruct your multisig wallet: all three public keys, the derivation paths, the quorum policy (2-of-3), and the script type.

The descriptor is as important as your seed phrases. With single-sig, a seed alone reconstructs the wallet. With multisig, you need both the seeds AND the descriptor. Without it, three seed phrases are just three unrelated wallets.

Back up the wallet descriptor:

• Export from Sparrow as a text file
• Store a copy at every seed backup location
• The descriptor contains only public keys — it's not secret

Geographic Distribution

No single location should hold full spending power:

• Location A: COLDCARD #1 + seed backup #1 + wallet descriptor copy
• Location B: COLDCARD #2 + seed backup #2 + wallet descriptor copy
• Location C: COLDCARD #3 + seed backup #3 + wallet descriptor copy

No two locations should share the same disaster risk. A fire at Location A leaves you with two keys at B and C — enough to spend and migrate to a new setup.

Recovery Scenarios

Lost device (not compromised): Use the remaining two to move funds to a new 2-of-3 wallet with three fresh keys.

Stolen device: The thief has one key and cannot spend alone. Use the remaining two to move ALL funds immediately. Set up an entirely new 2-of-3.

Two devices lost: Funds are permanently locked. 2-of-3 tolerates losing one key, not two.

Coordinator Alternatives

Sparrow is the recommendation for desktop power users. Alternatives:

• Nunchuk — mobile-friendly, NFC tap-to-sign, collaborative custody features
• Specter Desktop — connects directly to your own Bitcoin Core node

All three support COLDCARD and PSBT-based signing.