Sign in Subscribe

Safe Multi-Signature Wallet: A Smarter and Safer Vault Than Cold Wallets

許明恩

許明恩

6 min read
Safe Multi-Signature Wallet: A Smarter and Safer Vault Than Cold Wallets

GM,

Blocktrend is currently participating in the "Loving on Public Goods" funding initiative. A big thank you to the 21 readers who have already contributed with small donations. The campaign will conclude on Saturday, February 15, so feel free to participate and support Blocktrend, DHK dao, GreenSofa, and ArchiveHK. Now, let's get into the main topic.

At the end of 2024, I realized that I had lost the seed phrase for my frequently used cold wallet. Fortunately, the hardware itself was still functioning properly. Taking advantage of the Lunar New Year holiday, I gradually transferred my assets from the cold wallet to a more secure Safe multisig wallet.

Wait—doesn’t the internet always say that cold wallets are the safest option? In this article, I’ll explain why a multisig wallet is actually more secure than a cold wallet. Safe, a leading multisig wallet, currently manages over $100 billion in assets, making it one of the most critical infrastructures in the Ethereum ecosystem. Even Vitalik Buterin keeps over 90% of his ETH in a Safe wallet. However, Safe was not originally designed as a product for the general public—it started as a simple tool that an engineer built for personal use.

Accident

Rewind to 2017—the team behind Safe, then known as Gnosis, introduced the idea of an on-chain prediction market and launched an ICO for the GNO token. At the time, the ICO market was booming, and within just 10 minutes of going live, Gnosis raised the equivalent of $12 million in ETH.

But how should such a massive amount of funds be managed? Back then, there were no wallets or asset management processes designed specifically for organizations. So, Stefan George, co-founder of Gnosis, rolled up his sleeves and wrote his own approval process—thus creating the multisig wallet.

When Stefan George open-sourced the multisig wallet’s code, it unexpectedly gained widespread popularity. The team soon realized that many people knew Gnosis not for its prediction market but because of this unintentional yet highly useful multisig wallet. As a result, in 2018, the Gnosis team launched a new product line dedicated to the multisig wallet, naming it Gnosis Safe (later rebranded to Safe).

Just last week, MetaMask announced that users can now pay gas fees with tokens other than ETH. However, Safe had already introduced this feature back in 2018. The difference was that, at the time, most people didn’t even have a crypto wallet, let alone an advanced multisig setup. Even in 2025, multisig wallets are still considered a deep technical topic. Personally, it wasn’t until this year that I truly got the hang of it 1. I’d argue that a multisig wallet is a safer option than a cold wallet because it introduces the concept of defense in depth, a strategy widely used in military security.

Defense in Depth

Recently, I read A Hacker’s Mind by cybersecurity expert Bruce Schneier—an absolutely fascinating book! He argues that security systems relying purely on technology often fail because they overlook human complexities and fail to leverage social defense mechanisms, making them prone to single points of failure. Although the book has nothing to do with blockchain, it perfectly illustrates why cold wallets are not as secure as people think.

Why is that? Let’s first examine how cold wallets protect assets. Many people have a flawed understanding of cold wallets, assuming that the USB device (or card) is the core of its security—meaning that if it’s lost, the assets are gone forever. However, in reality, the seed phrase backup is just as important as the hardware device itself—neither can be missing.

If the physical buttons on a cold wallet fail, the seed phrase allows you to regain control of your assets. But the moment you enter the seed phrase into another wallet, the original cold wallet loses its security advantage. Yet, how many people actually understand that both the device and the backup are equally crucial? Take a look at the diagram below to see what I mean.

Many people have unopened cold wallets sitting at home. Why buy them but never use them? The main reason is fear—fear of making a mistake. That’s why major cold wallet manufacturer Trezor launched a $99 one-hour, one-on-one online training session to ensure users set up their cold wallets correctly. This highlights a key issue: the security of a cold wallet largely depends on the user. If they make a mistake, their assets are at risk.

Bruce Schneier points out that the most effective defense systems are not built on a single perfect barrier but rather on multiple complementary layers of security. Each layer has a specific function, and even if one is breached, the others continue to provide protection.

Take a bank vault as an example. Its defense-in-depth strategy includes: Physical isolation (thick walls)/ Access control (bank managers)/ Surveillance systems (security cameras)/ Process design (controlled entry procedures)/ Social reputation (employee background checks). Anyone attempting to break into a vault must overcome these diverse security measures, making it extremely difficult to succeed.

In other words, building a secure system starts with accepting that breaches will happen, rather than chasing the fantasy of an impenetrable wall. The problem with cold wallets isn’t that they have technical vulnerabilities—it’s that their design treats human error as an exception rather than the norm. Not only must every user handle them flawlessly, but manufacturers also have to provide training just to ensure people don’t make mistakes. Relying entirely on user perfection is itself a security risk. Multi-signature wallets, on the other hand, handle this much better.

Common Sense in Design

Humans are naturally skilled at building trust networks and supporting each other. Multi-signature wallets take advantage of this by embedding human nature into their design. For example, I can create a 3-of-2 multi-signature wallet, meaning there are three signers, and a transaction will go through as long as two out of three approve. This setup provides a buffer—even if one signer is unavailable or a system fails, the wallet remains functional.

In the past, these signers had to be crypto wallets, which created a high barrier to entry. The good news is that Safe recently introduced a feature that allows Passkeys to act as signers. If, in the future, email, SMS, or even national digital ID systems could serve as multi-signature signers, the chances of losing access to all of them at once would be extremely low. This is a more resilient approach to security design.

Vitalik once wrote that the best wallets should protect against two types of risks: external attacks and user mistakes. In one of his articles, he illustrated this concept with a simple chart, mapping centralized exchanges, traditional wallets, and smart wallets in terms of their security trade-offs.

Interestingly, Vitalik has revealed that over 90% of his ETH is stored in a Safe multi-signature wallet 2. Even someone as technically proficient as Vitalik recognizes that the biggest risk is himself and that security should not rely solely on technology. This perfectly aligns with Bruce Schneier’s argument that a robust security system requires layers of protection, not just a single technical safeguard.

Multi-signature wallets are shaping up to be the long-term security model for Ethereum. The upcoming Ethereum Pectra upgrade in March 2024 will introduce a significant feature: it will allow traditional wallets like MetaMask to upgrade into smart wallets without migrating assets, enabling them to adopt some of Safe’s functionalities. You can wait for the system upgrade, or you can proactively migrate your assets now, like I did, and get a head start on experiencing the full capabilities of a smart wallet.

In the past, people hesitated to adopt crypto not just because of scams and hacks but also due to the fear of making irreversible mistakes. Cold wallets operate like strict drill sergeants, demanding that users never lose their private keys. In contrast, smart wallets assume key loss is inevitable and introduce social recovery mechanisms. The key difference? Instead of relying on big tech companies like Google or Facebook to help you recover your wallet, you establish your own network of trusted individuals.

I used to believe that private keys were the ultimate form of security, even though their usage felt completely counterintuitive. But after reading When Trust Breaks Down by Bruce Schneier, I’ve come to realize that private keys are merely a technical safeguard. The most secure system isn’t just technologically advanced—it’s the one that aligns with human nature and builds a multi-layered, complementary defense network.

Subscribe

1. Getting Started with SAFE Multi-Signature Wallet: The Most Trusted Smart Contract Wallet

2. 2025 Major Events Timeline: FTX Repayments, Ethereum Upgrades, and U.S. Regulatory Easing

Read more