Part 1: Protect your Bitcoin with an Electrum Multisig wallet, with Coldcard, Ledger, and Trezor!
For Part 2, which covers how to build a multisig for native segwit (bech32 addresses, click here!
If you own Bitcoin, it is your responsibility to keep it safe. Hardware wallets offer a great way to protect your funds, but multi signature wallets elevate your security even further.
Undoubtedly, the three best hardware wallets in the market are Coldcard, Ledger, and Trezor. There are pros & cons for each, and competition among them is fierce. This is great, it makes all of us bitcoiners safer. This post will not take sides or pick a winner as to which hardware wallet is the best. (There is lots of discussion online on this already.) Ultimately, as consumers it’s best to have multiple strong security options.
If however, like many bitcoiners, you’ve been stressing out when trying to pick which hardware wallet is best for your multisig, here’s some good news:
A great thing about multi signature wallets is that you don’t need to choose only one hardware wallet provider. By using all three hardware wallet manufacturers in a multi sig wallet, even if a major vulnerability or flaw is discovered in one of the wallet providers, your bitcoin will still be safe.
The rest of this guide will walk you through creating a 2 of 3 multi signature wallet using Coldcard, Ledger, and Trezor on Electrum on legacy addresses.
How do you create a bitcoin 2 of 3 multi sig wallet on Electrum?
WARNING! To recover funds in the future you will need EITHER all 3 hardware wallets, or 2 wallets + all 3 master public keys (XPUBS), or 2 wallets + an Electrum wallet backup file.
NOTE: In Part 1, we will create a multisig wallet using Coldcard fully airgapped. Due to compatibility issues with Electrum, this method only works with legacy (p2sh) addresses. For native segwit (p2wsh, bech32) addresses and for p2wsh-p2sh addresses, please read Part 2!
Now, for Coldcard, we do NOT want to use the “Cosign with hardware device” option as we did in the past (that would require us to connect the ColdCard to the computer).
Since we want to use Coldcard fully air gapped, we will instead import the Coldcard’s public key (XPUB). Hit Next.
We now move over to our air gapped Coldcard (plugged into a portable battery, never to a computer). We need to export our wallet details from your Coldcard onto our MicroSD card:
On to the ColdCard:
Press OK a few times and the XPUB will be saved into your MicroSD.
Now insert the MicroSD into your computer and open the newly created XPUB file (your Coldcard wallet fingerprint is on the file name):
Now, let’s add some tiny amount of funds to make sure we can actually spend from this wallet. DO NOT SEND a large amount of bitcoin until we can verify we can sign from all 3 of our hardware wallets!
Transfer funds from another wallet.
Now, let’s make sure we can send funds out.
ALWAYS make sure you can actually sign from a wallet before you transfer large amounts of funds into your wallet!
We will go through 2 withdrawal tests. First signing with the Trezor & Ledger (that have been plugged into the computer), and later with either of those plus the Coldcard.
For the first test transaction, let’s label it as a test to confirm we can sign with the first two hardware wallets. Don’t withdraw all the funds, save some funds for the second withdraw test too.
In this case, I got a warning as the fee represents a large % of the funds I’m sending. Maybe I was too cheap with my test transaction! We’ll just ignore the warning and proceed.
Electrum will ask you to insert & sign with each of the 2 hardware wallets:
Let’s start with Trezor.
Step 22. This is how you sign the transaction on your Trezor:
Once Trezor has signed, we will sign with Ledger. Electrum will ask you to insert Ledger:
Step 24. This is how you sign the transaction on your Ledger:
OK, that wasn’t so bad! Now, the next test involves signing with EITHER of the Trezor or Ledger, and with the air gapped Coldcard (we will use PSBT, more on that later).
Again, we need to create a SEND transaction as before. Create a new payment description and follow the steps outlined above for signing with the hardware wallet you picked.
In this example, I’m picking Trezor + Coldcard.
This step is the same as we did in the first transaction, so I won’t post a play by play. If you get stuck, re-read steps 21 & 22.
After signing with the first hardware wallet, Electrum will ask you to sign with the Ledger (if you used Trezor first) or Trezor (if you used Ledger first).
BUT, we don’t want that option! We want to sign with the Coldcard!
So, hit No.
That will take us back to the Transaction screen, where we can save the PSBT (Partially Signed Bitcoin Transaction) into a MicroSD card and then import it into our Coldcard for signing.
Notice the Transaction Status now has been updated from “Unsigned” to “Partially signed (1/2)”. This is because we already signed this transaction with one of the hardware wallets. We can not Broadcast the transaction until it has 2 signatures (remember, this is a 2 of 3 multisig).
We now have a Partially Signed Bitcoin Transaction, or PSBT!
Again, as reminder, the transaction has NOT been sent, because it does NOT yet have 2 of the 3 signatures.
In order to sign with Coldcard, we need to leverage the Coldcard’s ability to sign a PSBT in an air gap manner.
Next we will export PSBT from Electrum to Coldcard for signing air gapped:
Now we go to the ColdCard to sign the PSBT. Insert the MicroSD into the Coldcard.
Step 30. This is how you sign the transaction on your ColdCard:
Now that Coldcard has signed the PSBT, we need to combine it with our Electrum PSBT (previously partially signed by the Trezor/Ledger) to be able to broadcast a singed transaction:
MAGIC! The status of the Transaction is now “Signed”!!!
Now that we have successfully been able to spend funds by signing with each of our 3 hardware wallets, it is safe to transfer larger funds into the 2 of 3 multisig wallet. You have now upgraded your bitcoin security.
With Coldcard’s ability to sign a PSBT in an airgap (offline) manner, you never need to have 2 of your hardware wallets in the same location to be able to sign a transaction. You don’t even need internet access or a computer with you!
Remember to store your hardware wallets (and their backups) in secure, separate locations. The beauty of multisig wallets is you can have geographic redundancy and security, so take advantage of that!
I hope you have enjoyed this guide!
If you’d like to test sending funds from your new 2 of 3 multisig… or would like to buy me a beer or some tacos, I’m happy to accept some SATs:
on-chain BTC donations: https://tallyco.in/s/wlngw4/
lightning sats donations: https://strike.me/sundaywar