You are reading an excerpt from our free but shortened abridged report! While still packed with incredible research and data, for just $20/month you can upgrade to our FULL library of 50+ reports (including this one) and complete industry-leading analysis on the top crypto assets.

Becoming a Premium member means enjoying all the perks of a Basic membership PLUS:
- Full-length CORE Reports: More technical, in-depth research, actionable insights, and potential market alpha for serious crypto users
- Early access to future CORE ratings: Being early is sometimes just as important as being right!
- Premium Member CORE+ Reports: Coverage on the top issues pertaining to crypto users like bridge security, layer two solutions, DeFi plays, and more
- CORE report Audio playback: Don’t want to read? No problem! Listen on the go.
Multi-Signature Wallet
Multi-signature (AKA multi-sig) is a type of security model and digital signature scheme that requires users to provide multiple keys to authorize access to or transact with secure digital assets. Such a transaction must be signed by a threshold of participants in order to be valid, similar to how some legal or financial documents require a co-signer or multiple authorizations across different mediums. The wallet owner can decide how many signatures are required for a transaction to be valid.
Multi-signature schemes have numerous benefits, including dividing up responsibility for possession of a digital asset among multiple people, heightened security by eliminating a single point of failure, and a solution for wallet recovery in the case of someone losing their private key. The primary benefit is that security is shared among numerous individuals. Even if your computer and hardware wallet are stolen, you are still safe because other actors are needed to move funds if properly set up. Your crypto will remain secure even if your seed phrase is hacked, akin to a safe deposit box that requires multiple keys. In the same line, it is imperative that every person with multi-sig duties comprehends the significance of private keys/seed phrases and can be relied upon with this responsibility.
Multi-party Computation (MPC)
Multi-party computation is a solution for securing data among several participants in a private manner. It allows many parties, each with their own private data, to verify the final computation without revealing their own secret portion of the data. Each participant in an MPC possesses a piece of confidential information. Typically, one entity owns one part of a cryptographic key that can move funds or change code.
MPCs shard a private key into many segments, with each individual possessing a portion of the private key. When signing a transaction, a subset of MPC nodes must independently sign the transaction and communicate it to the larger group. In order to sign transactions, each participant inputs their secret portion and a public input (the message to be signed) to generate a digital signature. Then, anyone with access to the public key should be able to validate and verify the signatures. Since the key shares are pooled and the signature is generated off-chain, an MPC wallet transaction cannot be distinguished from a typical private key wallet.

Even if a bridging protocol has a limited quantity of relayer nodes, the relayers can be chosen at random from the pool of candidates to create the multi-party computing (MPC) group. To authorize a cross-chain transaction, the protocol can require a minimum number of relayers to come together and sign the message before any action can be taken. The greater the threshold of an MPC group, the less likely it is that relayer groups will collude.
MPC also guarantees that if a number of parties inside the group decide to disclose information or depart from the protocol's instructions during execution, the MPC will not allow them to coerce the honest parties into outputting an inaccurate result or leaking confidential information.
MPC Strengths
- No single failure point
- Flexible/Configurable Signing Schemes
- Detailed Controls Around Access and Signing
- Easier Recovery
MPC Drawbacks
- Off-chain Coordination and Accountability: Off-chain management of signing policies and approval quorums make MPC setups susceptible to centralized failures not applicable to regular cold storage.
- Incompatible with the majority of conventional wallets, such as Ledger and Trezor, due to the absence of a seed phrase or complete private keys on a single device.
- MPC algorithms are not standardized; therefore, institution-grade secure devices like the iPhone SEP and HSMs do not natively allow bespoke implementations. MPCs are mostly niche, custom-made products with closed-source libraries.
Threshold Signature Schemes (TSS)
Threshold Signature Schemes (TSS) involve a subset of trusted nodes participating in key generation (and signature) events. MPC requires that more than one entity/node/validator is necessary to control the wallet's contents. TSS is a subset of MPC. TSS enables multiple entities to collaboratively generate a key and signature rather than just one party. After the key is generated, no single entity ever has access to the full key and cannot sign without the cooperation of the others. TSS is comprised of two values: n/t, where n is the number of nodes required to generate a signature, and t is the total number of entities involved.
Additional Safety Measures and Crypto Security
Most of these below, as well as much, much more, can be found here.
- Use 2FA (not SMS-based): 2-Factor Authentication (2FA) is used to ensure accounts are protected by more than a password but need an additional randomly generated code or device to grant access.
- How to Set Up Google Authenticator
- How to restore access to your accounts if you lose/destroy your device w/ Google Authenticator (2FA)
- Whitelisting of addresses is often used by businesses to ensure funds can only be sent to previously approved addresses. This forces a hacker to gain access to both the wallet and the mechanism that manages this list.
- Bookmark your favorite/most frequented sites
- Use a password manager
- Use burner wallets/addresses, especially when interacting with a new protocol for the first time
- Geographical distribution of these keys and/or participants to protect against physical attacks
- Cold storage
- A crypto vault has a built-in, predetermined delay when you try to move funds. This is also known as a timelock. It prevents cryptocurrency from being moved until a certain amount of time has passed.
- Yubi keys or other security hardware
- What to do if you signed a scam transaction
- Don’t link a device to your home address
- Buy with cash if possible
- Use separate email
- Have “crypto computer”
- Use a VPN
- Use Brave or Firefox Browser
- Be mindful when you give a website or extension permission to access things like your camera, location, plugins, etc., in the future.
- Audit your Chrome Extensions: Remove extensions you don’t use, don’t need, don’t trust.
- If you do use Chrome, follow these instructions:
Visit chrome://settings/content and ensure the following settings:
- [x] Unsandboxed plugin access: Ask when a site wants to use a plugin to access your computer.
- [x] Location: Ask before accessing
- [x] Camera: Ask before accessing
- [x] Microphone: Ask before accessing
- [x] Flash: Block sites from running Flash
- [x] Popups: Blocked