Part 2: Protect your Bitcoin with an Electrum Multisig wallet, with Coldcard, Ledger, and Trezor!
In Part 1, I provide a very detailed guide to creating a 2 of 3 multisig wallet on Electrum using the 3 best hardware wallets in the market, Coldcard, Ledger, and Trezor using a method that is only compatible for legacy (p2sh) addresses. Part 2 covers a method for native segwit (p2wsh, bech32) addresses and for p2wsh-p2sh addresses. Read on!
WHAT?
As discussed in Part 1, multi-signature wallets are the safest way to store your bitcoin. In the previous post, we leveraged Coldcard’s ability to sign PSBTs in an airgapped fashion, and we created the multsig wallet in an airgap fashion as well. However, due to some compatibility issues with Electrum, that wallet creation method only works for legacy addresses. Many readers reached out and asked how to create a multisig address for native segwit (p2wsh, bech32) addresses and for p2wsh-p2sh addresses, and this guide outlines how.
WHY?
Why is there so much interest in native segwit (p2wsh, bech32) addresses? Bech32 addresses are the latest format of btc addresses, and are optimized to ensure considerably lower transaction fees vs legacy addresses.
How do you create a bitcoin 2 of 3 multi sig wallet on Electrum?
WARNING! To recover funds in the future you will need EITHER all 3 hardware wallets, or 2 wallets + all 3 master public keys (ZPUBS), or 2 wallets + an Electrum wallet backup file.
NOTE: Here’s where the steps will be different than in PART 1.
WAIT WHAT!?!? OK, OK, I know a lot of readers will have just shouted. Many feel that a Coldcard should never be plugged into a computer. Why? Unlike Ledger or Trezor harware wallets, Coldcard has the unique ability to run forever airgapped. That is because it can sign PSBTs via an SD card, and can even upgrade its firmware via the SD card as well. Unfortunately, copying your ZPUB into Electrum (like we did in PART 1 with XPUBs) does not work. I hope Electrum fixes this bug in the future.
Although in a single wallet mode I would never plug in a Coldcard to a computer (it’s a higher risk vector, as malware could, in theory, find a way onto your Coldcard), in a multisig environment your risks of a compromised hardware wallet resulting in lost funds are severely decreased. Since you need 2 of 3 keys to sign any transaction, that same theoretical malware would have to also infect your other wallets.
Alternative: If you still want a forever airgap coldcard, you can run the wallet creation steps outlined on this guide on a forever airgapped laptop, and then copy the wallet file over to your regular computer via an SD card.
You can now safely unplug your Coldcard, and know that you’ll never again have to plug it into the computer. From here on out, all transaction signing will be done airgapped via signing PSBTs with an SD card.
However, in order to so so, we have to tell Coldcard about the multisig wallet. Here’s how:
Now, take the SD card, insert it into the now (and forevermore) airgapped Coldcard for the next steps.
Optional (but recommended, because proper bitcoiners know DON’T TRUST, VERIFY!)
Before importing the multisig wallet, Coldcard gives us the ability to verify that the Xpubs we are importing are the same as the ones we used to create the wallet on Electrum. However, only Xpubs are shown (and in this case we used Zpubs in Electrum).
Good news is you can use a converter tool to convert each Zpub into its corresponding Xpub.
From Step 12, we can convert each Zpub to its corresponding Xpub to make sure the Coldcard is in-fact accepting the correct wallet. I used Casa’s open source online tool to convert.
(Repeat Optional Step 1 and Optional Step 2 for all 3 Zpub/Xpub addresses.)
OK, now that you’ve saved the multisig wallet to your Coldcard, it’s time to test some transactions! (If you are familiar with Part 1 the rest of this guide is identical).
Now, let’s add some tiny amount of funds to make sure we can actually spend from this wallet. DO NOT SEND a large amount of bitcoin until we can verify we can sign from all 3 of our hardware wallets!
Transfer funds from another wallet.
Now, let’s make sure we can send funds out.
ALWAYS make sure you can actually sign from a wallet before you transfer large amounts of funds into your wallet!
We will go through 2 withdrawal tests. First signing with the Trezor & Ledger (that have been plugged into the computer), and later with either of those plus the Coldcard.
For the first test transaction, let’s label it as a test to confirm we can sign with the first two hardware wallets. Don’t withdraw all the funds, save some funds for the second withdraw test too.
In this case, I got a warning as the fee represents a large % of the funds I’m sending. Maybe I was too cheap with my test transaction! We’ll just ignore the warning and proceed.
Electrum will ask you to insert & sign with each of the 2 hardware wallets:
Let’s start with Trezor.
Step 24. This is how you sign the transaction on your Trezor:
ALWAYS confirm the send address and send amount on your hardware wallet matches the intended address.
Once Trezor has signed, we will sign with Ledger. Electrum will ask you to insert Ledger:
Unplug your Trezor and plug in your Ledger. Make sure you it is unlocked with the Bitcoin app open. Hit Next.
Step 25. This is how you sign the transaction on your Ledger:
Ledger will recognize a multisig change path as unusual, ok to ignore this warning.
But good to confirm the path fits in structure with the wallet type.
Always confirm the amount matches the intended amount.
ALWAYS confirm the send address on your hardware wallet matches the intended address.
Success!!! Payment Sent!
OK, that wasn’t so bad! Now, the next test involves signing with EITHER of the Trezor or Ledger, and with the air gapped Coldcard (we will use PSBT, more on that later).
Again, we need to create a SEND transaction as before. Create a new payment description and follow the steps outlined above for signing with the hardware wallet you picked.
In this example, I’m picking Trezor + Coldcard.
This time, it’s ok to send Max funds, but feel free to send a smaller amount. Press Pay & follow through to signing.
This step is the same as we did in the first transaction, so I won’t post a play by play. If you get stuck, re-read step 24.
After signing with the first hardware wallet, Electrum will ask you to sign with the Ledger (if you used Trezor first) or Trezor (if you used Ledger first).
BUT, we don’t want that option! We want to sign with the Coldcard!
So, hit No.
That will take us back to the Transaction screen, where we can save the PSBT (Partially Signed Bitcoin Transaction) into a MicroSD card and then import it into our Coldcard for signing.
Notice the Transaction Status now has been updated from “Unsigned” to “Partially signed (1/2)”. This is because we already signed this transaction with one of the hardware wallets. We can not Broadcast the transaction until it has 2 signatures (remember, this is a 2 of 3 multisig).
We now have a Partially Signed Bitcoin Transaction, or PSBT!
Again, as reminder, the transaction has NOT been sent, because it does NOT yet have 2 of the 3 signatures.
In order to sign with Coldcard, we need to leverage the Coldcard’s ability to sign a PSBT in an air gap manner.
Next we will export PSBT from Electrum to Coldcard for signing air gapped:
Now we go to the ColdCard to sign the PSBT. Insert the MicroSD into the Coldcard.
Step 30. This is how you sign the transaction on your ColdCard:
Ready to Sign, press OK.
Scroll down and find your PSBT.
Next it will sign the PSBT. Always verify amount and address match the intended values.
PSBT is now signed!
Now that Coldcard has signed the PSBT, we need to combine it with our Electrum PSBT (previously partially signed by the Trezor/Ledger) to be able to broadcast a singed transaction:
MAGIC! The status of the Transaction is now “Signed”!!!
Now that we have successfully been able to spend funds by signing with each of our 3 hardware wallets, it is safe to transfer larger funds into the 2 of 3 multisig wallet. You have now upgraded your bitcoin security.
With Coldcard’s ability to sign a PSBT in an airgap (offline) manner, you never need to have 2 of your hardware wallets in the same location to be able to sign a transaction. You don’t even need internet access or a computer with you!
Remember to store your hardware wallets (and their backups) in secure, separate locations. The beauty of multisig wallets is you can have geographic redundancy and security, so take advantage of that!
fin.
I hope you have enjoyed this guide!
If you’d like to test sending funds from your new 2 of 3 multisig… or would like to buy me a beer or some tacos, I’m happy to accept some SATs:
on-chain BTC donations: https://tallyco.in/s/wlngw4/
lightning sats donations: https://strike.me/sundaywar