Multisig and why custody is the question that matters
Who can move the money, and how many people have to agree? That is custody.
The single-key problem
If one private key controls a project's treasury or its upgrade rights, then one person, one phished laptop, one leaked seed phrase, is all it takes to lose everything. Single-key custody has drained more value in crypto than clever exploits have. It is the boring risk that keeps winning.
How a multisig fixes it
A multisig wallet requires several keys to approve a transaction, say three of five signers. Now no single person can move funds alone, and losing one key does not lose the treasury. The configuration matters. A two of three held by the same three founders is better than one key, but it is not real distribution of power.
What to look for
Find out what controls the treasury and the contract upgrade rights. Is it a multisig? What is the threshold? Are the signers independent, or all insiders? For larger protocols, look for a timelock, a delay between a decision and its execution, so users can react before a malicious change lands.
- Custody is the core question: who can move the money.
- Single-key control is the most common way funds vanish.
- A multisig spreads control, but the threshold and signer independence matter.
- Timelocks give users a window to react to changes.
FAQ
There are five authorized keys, and any transaction needs at least three of them to approve it. No single signer can act alone.
It is safer than a single key, but not a guarantee. If all signers are the same insiders, control is still concentrated.