Bitcoin Multisig Explained: How 2-of-3 Keeps Your BTC Safe

Multisig (short for multi-signature) is a security model where more than one private key is needed to authorise a Bitcoin transaction. Rather than relying on a single key — which creates a single point of failure — multisig distributes trust across multiple keys. It's widely considered the gold standard for securing significant amounts of Bitcoin.

How Evoke's 2-of-3 model works

Evoke Vault uses a 2-of-3 multisig configuration. Three keys exist, and any two are required to sign a transaction:

  • Key 1 — Your hardware key. A hardware wallet you control (such as a Coldcard, Trezor, or Ledger).
  • Key 2 — Your second key. Another device or key you hold, which can be a second hardware wallet or generated through the Evoke app.
  • Key 3 — Evoke's recovery key. Held by Evoke for recovery purposes only. We cannot move your Bitcoin unilaterally — a second key is always required.

Why 2-of-3 multisig matters

If you lose one key, you can still access your Bitcoin using the remaining two. If a thief steals one key, they cannot access your funds without a second. This is the same security model used by leading Bitcoin custody providers and institutions worldwide. Read more about what happens if you lose a key.

How multisig compares to single-key wallets

A single-key wallet is vulnerable to a single point of failure. If your hardware wallet breaks, is lost, or is stolen — and you don't have a seed phrase backup — your Bitcoin is gone. Multisig eliminates this risk by distributing the security across multiple devices, locations, and (optionally) parties.

Built on Caravan: Evoke Vault is built on the open-source Caravan multisig coordination software, not a proprietary system. This means your funds are never locked into Evoke's platform.

Related: Learn about our non-custodial architecture and how to set up your first multisig vault.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.