ShopWhen you decide to set up a multisig configuration to custody your bitcoin, you face a decision: do you hold all three keys yourself, or do you let a trusted third party hold one as a recovery backstop?
That choice separates solo multisig from collaborative custody. In solo multisig, you manage all three signing devices independently, assuming a 2-of-3 multisig arrangement. In collaborative custody, a service holds one key on your behalf, which is less than what is required to unilaterally spend your bitcoin.
What is Collaborative Custody?
Collaborative custody is a 2-of-3 multisig arrangement where you hold two of the three keys and a third-party service holds the remaining one. The service's key cannot form a spending quorum on its own.
The most important distinction is that collaborative custody is not the same as holding bitcoin on an exchange. At an exchange, the institution holds all keys and you rely on the exchange to continue operations and act in good faith in order to access your bitcoin.
At a collaborative custody service, you hold 2 of 3 keys, meaning the service cannot authorize a transaction on its own. For routine spending, you sign with your two keys and the service key plays no role. It only becomes relevant if you lose one of your own keys, at which point you contact the service, complete identity verification, and it countersigns to help you move funds to a new wallet.
If the service closes, your two keys still work and your funds remain accessible, though you lose the recovery backstop.
Two platforms currently lead this model.
-
Unchained Capital holds one key and you hold two. You can spend at any time without Unchained's involvement. If you lose a key, Unchained acts as the recovery cosigner after identity verification. KYC is required as part of onboarding.
-
Casa uses a similar 2-of-3 structure, with a mobile app signing key option. Recovery is handled through identity verification. Structured inheritance support is included. KYC is also required as part of onboarding.
Collaborative custody supports different quorum configurations, but the critical factor is whether you personally hold enough keys to spend without cooperation from anyone else. If another party holds a controlling share of keys, they have effective control over your bitcoin.
There are also multi-institutional arrangements where no single party holds a quorum, but this means you do not have unilateral control either and are accepting counterparty risk, which may be an acceptable tradeoff for institutional holders.
What is Solo Multisig?
Solo multisig means all three keys are yours. You purchase three hardware signing devices, distribute them across three separate locations, back up the wallet descriptor, and manage recovery independently.
No service can be compelled to reveal your xpub, and no KYC database links your identity to your wallet.
What solo multisig requires:
-
Three hardware signing devices, ideally stored at three geographically separate locations.
-
Three seed phrase backups, each secured at its respective location.
-
The wallet descriptor backed up separately from all seed phrases and treated as a fourth critical backup item.
-
A recovery test before significant funds are deposited. Confirm the wallet can be fully reconstructed from seeds and descriptor alone, without any of the original devices.
Coordinator software handles the watch-only layer. Applications like Sparrow or Electrum construct transactions and build PSBTs but hold no private keys.
Solo multisig is operationally more demanding than collaborative custody. Managing three devices across three locations, maintaining the descriptor backup, and designing inheritance for heirs who may not be technically sophisticated requires deliberate planning. For users prepared to do that work, the benefit is that there is zero counterparty risk involved.
Inheritance must be self-designed. Heirs need to know the quorum structure, have access to at least two keys, and possess the descriptor. Leave clear written instructions.
The Key Tradeoffs
The right model depends on how you weigh counterparty exposure against operational complexity.
| Dimension | Collaborative Custody | Solo Multisig |
|---|---|---|
| Keys you control | 2 of 3 | 3 of 3 |
| Spend without 3rd party | Yes, your 2 keys are sufficient | Yes, you hold all 3 |
| 3rd party can spend alone | Never | N/A |
| KYC required | Yes | No |
| Annual cost | Service fees plus hardware | Hardware only |
| Hardware required | 1 to 2 signing devices | 3 signing devices |
| Recovery if 1 key lost | Service-assisted with identity verification | Self-managed using 2 remaining keys |
| Inheritance support | Structured via service | Self-designed |
| Counterparty risk | Low but present | None |
| Technical complexity | Medium | High |
The counterparty risk in collaborative custody is not theft. The service structurally cannot steal your funds. The risk is operational: if the service closes, you lose the recovery backstop, and if the service is breached or compelled by a government, your identity may be linked to your wallet through the KYC database. Your funds remain secure. Your privacy may not.
KYC is the privacy trade-off. For users who do not want their identity linked to an xpub in any third-party database, that is the cost.
"Assisted recovery" is the counterweight. For users who worry about losing a key, or whose heirs are not prepared to manage a self-designed recovery process, having a structured service to call is valuable.
Which Model is Right for You?
Both models are legitimate. The decision turns on how you weigh technical confidence against recovery simplicity, and whether the KYC and counterparty exposure of a collaborative service are acceptable.
Collaborative custody is worth considering when:
-
Holdings are significant but managing three hardware wallets independently feels operationally overwhelming
-
Inheritance planning needs a structured solution that does not require heirs to be technically sophisticated
-
You are starting with one or two signing devices and want multisig-level security without purchasing a third immediately
-
KYC with a reputable service is acceptable and the privacy trade-off is understood
Solo multisig is the right choice when:
-
Zero counterparty exposure is a firm requirement
-
KYC with any custody service is not acceptable
- You have the technical confidence to manage three devices, geographic distribution, descriptor backup, and self-designed inheritance
- The stack is large enough to justify the full hardware investment
For users who want app-quality UX without any company key holding, Nunchuk provides coordinator software and a polished workflow while the user retains all keys.
Coldcard works in both setups. It integrates directly with Unchained via xpub export for collaborative custody, and is the most commonly used signing device in self-managed Sparrow-based multisig.
Related articles
What is Bitcoin Multisig?
The foundational multisig concept both models build on, covering the m-of-n threshold and the output descriptor requirement.
2-of-3 Multisig Explained
The self-sovereign multisig option in detail, covering quorum design, key distribution, and recovery from key loss.
The Spectrum of Bitcoin Custody Options
Where both models sit on the custody spectrum, from exchange accounts to full self-sovereign multisig.
What is a Hardware Wallet?
The signing device layer that supports both collaborative and solo multisig setups.