Protect your Bitcoin with an Electrum Multisig wallet, with Coldcard, Ledger, and Trezor!

@SundayWar
Jul 15 · 9 min read

Why?
If you own Bitcoin, it is your responsibility to keep it safe. Hardware wallets offer a great way to protect your funds, but multi signature wallets elevate your security even further.

Undoubtedly, the three best hardware wallets in the market are Coldcard, Ledger, and Trezor. There are pros & cons for each, and competition among them is fierce. This is great, it makes all of us bitcoiners safer. This post will not take sides or pick a winner as to which hardware wallet is the best. (There is lots of discussion online on this already.) Ultimately, as consumers it’s best to have multiple strong security options.

If however, like many bitcoiners, you’ve been stressing out when trying to pick which hardware wallet is best for your multisig, here’s some good news:

A great thing about multi signature wallets is that you don’t need to choose only one hardware wallet provider. By using all three hardware wallet manufacturers in a multi sig wallet, even if a major vulnerability or flaw is discovered in one of the wallet providers, your bitcoin will still be safe.

The rest of this guide will walk you through creating a 2 of 3 multi signature wallet using Coldcard, Ledger, and Trezor on Electrum.

How do you create a bitcoin 2 of 3 multi sig wallet on Electrum?

Image for post
Image for post
Step 1. Create a new wallet on Electrum
Image for post
Image for post
Step 2. Name your wallet
Step 3. Select the Multi-signature wallet option
Image for post
Image for post
Step 4. Pick your wallet configuration. I recommend a 2 of 3, meaning you will need 2 of the 3 hardware wallets to sign transactions before spending BTC.

WARNING! To recover funds in the future you will need EITHER all 3 hardware wallets, or 2 wallets + all 3 master public keys (XPUBS), or 2 wallets + an Electrum wallet backup file.

Image for post
Image for post
Step 5. Make sure your Trezor is plugged in and unlocked, then hit Next.
Image for post
Image for post
Step 6. Select your Trezor wallet. Hit Next.
Image for post
Image for post
Step 7. Choose legacy multisig (p2sh). Leave the derivation path as is. Hit Next.

NOTE: I’ve only been able to get these wallets to work with legacy (p2sh) addresses. If anyone has been successful with p2wsh-p2sh or p2wsh please let me know and I’ll update the guide!

Image for post
Image for post
This is the Trezor’s XPUB. Hit Next.
Image for post
Image for post
Step 8. Unplug your Trezor and plug in your Ledger. Make sure you it is unlocked with the Bitcoin app open. Hit Next.
Image for post
Image for post
Hit Next.
Image for post
Image for post
Step 9. Again we choose legacy multisig (p2sh). Leave the derivation path as is. Hit Next.
Image for post
Image for post
Step 10. Enter cosigner key. Hit Next.

Now, for Coldcard, we do NOT want to use the “Cosign with hardware device” option as we did in the past (that would require us to connect the ColdCard to the computer).

Since we want to use Coldcard fully air gapped, we will instead import the Coldcard’s public key (XPUB). Hit Next.

We now move over to our air gapped Coldcard (plugged into a portable battery, never to a computer). We need to export our wallet details from your Coldcard onto our MicroSD card:

On to the ColdCard:

Image for post
Image for post
Step 11. Navigate to Settings
Image for post
Image for post
Step 12. Select Multisig Wallets
Image for post
Image for post
Step 13. Export XPUB
Image for post
Image for post
XPUB now saved to MicroSD

Press OK a few times and the XPUB will be saved into your MicroSD.

Now insert the MicroSD into your computer and open the newly created XPUB file (your Coldcard wallet fingerprint is on the file name):

Image for post
Image for post
Step 14. Copy the Xpub from the Coldcard wallet.
Image for post
Image for post
Step 15. Paste the Xpub from the Coldcard into Electrum as the 3rd cosigner. Hit Next.
Image for post
Image for post
Optional (but recommended). Add a password to encrypt your wallet on your computer. While someone with only your wallet file CAN’T steal your funds (they’d also need 2 of the 3 private keys stored in your hardware wallets), they could see your balances, transactions, and addresses. So, it’s safer to use a password here.
Image for post
Image for post
Step 16. Success! You now have a 2 of 3 multi sig wallet with the top 3 hardware wallets in the market! You’ll get a few messages asking you to insert your hardware wallets. You can proceed with the prompts or just click No for now.

Now, let’s add some tiny amount of funds to make sure we can actually spend from this wallet. DO NOT SEND a large amount of bitcoin until we can verify we can sign from all 3 of our hardware wallets!

Image for post
Image for post
Step 17. Hit Receive
Image for post
Image for post
Step 18. Edit your transaction description. Hit Request.
Image for post
Image for post
Copy the receive address (or scan QR code) and send test funds.

Transfer funds from another wallet.

Image for post
Image for post
Received!

Now, let’s make sure we can send funds out.

ALWAYS make sure you can actually sign from a wallet before you transfer large amounts of funds into your wallet!

Image for post
Image for post
Step 19. Go to the SEND tab

We will go through 2 withdrawal tests. First signing with the Trezor & Ledger (that have been plugged into the computer), and later with either of those plus the Coldcard.

For the first test transaction, let’s label it as a test to confirm we can sign with the first two hardware wallets. Don’t withdraw all the funds, save some funds for the second withdraw test too.

Image for post
Image for post
Step 20. Pay

In this case, I got a warning as the fee represents a large % of the funds I’m sending. Maybe I was too cheap with my test transaction! We’ll just ignore the warning and proceed.

Image for post
Image for post

Electrum will ask you to insert & sign with each of the 2 hardware wallets:

Let’s start with Trezor.

Image for post
Image for post
Step 21. Make sure your Trezor is plugged in and unlocked, then hit Next.
Image for post
Image for post

Step 22. This is how you sign the transaction on your Trezor:

Image for post
Image for post
ALWAYS confirm the send address and send amount on your hardware wallet matches the intended address.
Image for post
Image for post
Image for post
Image for post
Hold to confirm!

Once Trezor has signed, we will sign with Ledger. Electrum will ask you to insert Ledger:

Image for post
Image for post
Step 23. Unplug your Trezor and plug in your Ledger. Make sure you it is unlocked with the Bitcoin app open. Hit Next.
Image for post
Image for post

Step 24. This is how you sign the transaction on your Ledger:

Image for post
Image for post
Ledger will recognize a multisig change path as unusual, ok to ignore this warning.
Image for post
Image for post
But good to confirm the path fits in structure with the wallet type.
Image for post
Image for post
Always confirm the amount matches the intended amount.
Image for post
Image for post
ALWAYS confirm the send address on your hardware wallet matches the intended address.
Image for post
Image for post
Accept and send!
Image for post
Image for post
Success!!! Payment Sent!

OK, that wasn’t so bad! Now, the next test involves signing with EITHER of the Trezor or Ledger, and with the air gapped Coldcard (we will use PSBT, more on that later).

Again, we need to create a SEND transaction as before. Create a new payment description and follow the steps outlined above for signing with the hardware wallet you picked.

In this example, I’m picking Trezor + Coldcard.

Image for post
Image for post
Step 25. This time, it’s ok to send Max funds, but feel free to send a smaller amount. Press Pay & follow through to signing.
Image for post
Image for post
Step 26. Confirm the transaction on your hardware wallet.

This step is the same as we did in the first transaction, so I won’t post a play by play. If you get stuck, re-read steps 21 & 22.

After signing with the first hardware wallet, Electrum will ask you to sign with the Ledger (if you used Trezor first) or Trezor (if you used Ledger first).

BUT, we don’t want that option! We want to sign with the Coldcard!

So, hit No.

Image for post
Image for post
Step 27. Just Hit No.

That will take us back to the Transaction screen, where we can save the PSBT (Partially Signed Bitcoin Transaction) into a MicroSD card and then import it into our Coldcard for signing.

Notice the Transaction Status now has been updated from “Unsigned” to “Partially signed (1/2)”. This is because we already signed this transaction with one of the hardware wallets. We can not Broadcast the transaction until it has 2 signatures (remember, this is a 2 of 3 multisig).

We now have a Partially Signed Bitcoin Transaction, or PSBT!

Image for post
Image for post
Step 28. Partially signed transaction

Again, as reminder, the transaction has NOT been sent, because it does NOT yet have 2 of the 3 signatures.

In order to sign with Coldcard, we need to leverage the Coldcard’s ability to sign a PSBT in an air gap manner.

Next we will export PSBT from Electrum to Coldcard for signing air gapped:

Image for post
Image for post
Step 29. Export / For hardware device include xpubs / Export to file.
Image for post
Image for post
Step 30. Save the PSBT to your MicroSD.

Now we go to the ColdCard to sign the PSBT. Insert the MicroSD into the Coldcard.

Step 30. This is how you sign the transaction on your ColdCard:

Image for post
Image for post
Ready to Sign, press OK.
Image for post
Image for post
Scroll down and find your PSBT.
Image for post
Image for post
Since this is the first time the Coldcard sees a transaction from this particular multisig wallet, it offers you to create a new multisig wallet on the Coldcard. Accept (press OK).
Image for post
Image for post
Next it will sign the PSBT. Always verify amount and address match the intended values.
Image for post
Image for post
PSBT is now signed!

Now that Coldcard has signed the PSBT, we need to combine it with our Electrum PSBT (previously partially signed by the Trezor/Ledger) to be able to broadcast a singed transaction:

Image for post
Image for post
Step 31. Click on Combine / Merge signatures from.
Image for post
Image for post
Step 32. Next click on the File to Read File.
Image for post
Image for post
Step 33. From the Coldcard MicroSD, find the signed PSBT. Click Open.
Image for post
Image for post
Step 34. Now click Load Transaction.

MAGIC! The status of the Transaction is now “Signed”!!!

Image for post
Image for post
Step 35. Magic! We can now Broadcast the transaction.
Image for post
Image for post
Step 36. Payment Sent!

Now that we have successfully been able to spend funds by signing with each of our 3 hardware wallets, it is safe to transfer larger funds into the 2 of 3 multisig wallet. You have now upgraded your bitcoin security.

With Coldcard’s ability to sign a PSBT in an airgap (offline) manner, you never need to have 2 of your hardware wallets in the same location to be able to sign a transaction. You don’t even need internet access or a computer with you!

Remember to store your hardware wallets (and their backups) in secure, separate locations. The beauty of multisig wallets is you can have geographic redundancy and security, so take advantage of that!

fin.

I hope you have enjoyed this guide!

If you’d like to test sending funds from your new 2 of 3 multisig… or would like to buy me a beer or some tacos, I’m happy to accept some SATs:

on-chain BTC donations: https://tallyco.in/s/wlngw4/

lightning sats donations: https://strike.me/sundaywar