Multisig Recovery Planner
Enter your private keys or seed phrases. At least M keys are required for recovery.
Recovery Simulation Results
Key Takeaways
- Recovery works as long as you have the requiredMprivate keys and the wallet’s output descriptor.
- 2‑of‑3 and 3‑of‑5 are the industry‑standard configurations; they balance security and recoverability.
- Export the descriptor and back up every key (seed, hardware, or mobile) right after setup.
- Most providers let you recover with desktop software like Sparrow; the steps differ by service.
- A checklist and regular drills cut recovery time from hours to minutes.
When a single signing device dies or a service goes offline, a multi‑signature (multisig) wallet can feel like a locked vault. The good news? You don’t have to lose your coins if you prepared the right pieces. This guide walks you through the exact ingredients you need, the universal steps that work across providers, and the quirks of major wallets such as Theya, Nunchuk, BitPay, and Casa. By the end you’ll know how to pull off a clean recovery in under 30minutes-provided you’ve done the homework in advance.
What a Multi‑Signature Wallet Actually Is
Multi‑signature wallet is a type of cryptocurrency wallet that requires more than one private key to authorize a transaction. It spreads trust across devices or people, so losing one key doesn’t mean losing access. The most common setups are 2‑of‑3 (two keys out of three needed) and 3‑of‑5 (three out of five). These configurations follow BIP67 for deterministic ordering, BIP48 for P2SH‑SegWit, and the newer BIP129 for descriptor handling.
Core Pieces You Must Keep Secure
- Private keys or seed phrases for each signer (hardware, mobile, or desktop).
- Output descriptor is a text string that encodes the script type, derivation paths, and the exact multisig layout. Without it, software can’t reconstruct the script.
- Recovery software that understands the descriptor-Sparrow Wallet (v1.7.3) is the de‑facto tool.
- Optional: BSMS file (Nunchuk’s export format) that bundles keys and descriptor in one JSON file.
Universal Step‑by‑Step Recovery Flow
- Gather the required keys. For a 2‑of‑3 setup you need any two of the three seed phrases or hardware devices.
- Locate the output descriptor. It’s usually stored in the wallet’s backup folder or can be exported from the mobile app. Look for a line starting with
desc=. - Install a compatible desktop wallet. Download Sparrow Wallet (a Bitcoin wallet that supports BIP48 and BIP129) on Windows, macOS, or Linux.
- Import the descriptor. In Sparrow go toFile→Import Descriptor, paste the full string, and confirm the network (mainnet or testnet).
- Import the private keys. Use the “Import Keys” button, paste each seed or xprv, and mark them as “watch‑only” until you sign.
- Create a transaction. Select the UTXOs you want to spend, add the destination address, and set the fee.
- Sign with each available key. Sparrow will prompt you for each key; after the requiredMsignatures the transaction is ready.
- Broadcast the signed transaction. Click “Broadcast” and verify on a block explorer that the tx is confirmed.
That’s the baseline. Specific providers add shortcuts or extra steps, which we compare next.
Provider‑Specific Recovery Methods
| Provider | Typical Config | Key Sources Needed | Descriptor Export Method | Average Time for Experienced User | Key Pitfalls |
|---|---|---|---|---|---|
| Theya | 2‑of‑3 | Any 2 seed phrases or hardware wallets | Export via mobile app → "Share descriptor" (QR or text) | ~20minutes | Descriptor format can be confusing for beginners |
| Nunchuk | 3‑of‑5 | Any 3 of 5 keys; BSMS file contains all | Automatic BSMS export (JSON) - must be saved before loss | ~15minutes | Recovery fails if BSMS not exported beforehand |
| BitPay | 2‑of‑2 (each copayer has own seed) | Both 12‑ or 24‑word phrases | Each copayer provides their phrase; no descriptor export | 30‑45minutes (requires coordination) | Support cannot restore lost phrases |
| Casa | 3‑of‑5 (mobile, desktop, hardware) | Two devices for normal recovery, three for full sovereign recovery | Keymaster app exports descriptor + keys on demand | ~25minutes | Full recovery needs all three keys; many users skip the third |
| Ownbit | 2‑of‑3 (manual) | Two seed phrases + manual UTXO selection | No descriptor; users construct raw transaction via CLI | 30‑45minutes (requires technical skill) | High chance of error for non‑technical users |
Best Practices to Make Recovery Smooth
- Back up every seed in metal. Metal plates survive fire, water, and corrosion-Jameson Lopp calls them a “must‑have.”
- Export the output descriptor immediately. Store it in an encrypted PDF or a password‑protected USB drive.
- Test your recovery once a year. Run through the steps with a small amount of testnet Bitcoin.
- Standardize on BIP48/BIP129. It guarantees that Sparrow, Specter, and other tools can read your descriptor.
- Keep a “recovery checklist” handy. A printed one avoids hunting for files in a crisis.
Recovery Preparation Checklist
- Write down each seed phrase on a metal plate.
- Save the output descriptor in two separate locations (e.g., encrypted USB + cloud with 2‑FA).
- Export a BSMS (or equivalent) file if your provider supports it.
- Install Sparrow Wallet on a secure computer and verify it runs.
- Perform a test recovery using a low‑value testnet wallet.
- Store the checklist in a fire‑proof safe.
Common Pitfalls and How to Avoid Them
Missing descriptor. Without it you can’t rebuild the script. Always treat the descriptor as a “blueprint” for your wallet.
Using the wrong derivation path. A mismatch (e.g., m/84'/0'/0' vs m/44'/0'/0') leads to empty balances. Double‑check the path in your backup file.
Relying on a single service. If BitPay loses your seed, you’re stuck. Keep an independent copy of all keys.
Skipping hardware signer firmware updates. Older firmware may lack BIP129 support, making recovery impossible on older devices.
When to Call for Expert Help
If you have fewer than the requiredMkeys, even the best tools cannot recover funds. In that case, you’ll need to negotiate with co‑signers or, if that’s impossible, accept the loss. For technical roadblocks-like descriptor parsing errors-consider reaching out to community forums (Bitcoin Stack Exchange, GitHub repos) or hiring a reputable crypto security consultant.
Frequently Asked Questions
What is an output descriptor and why do I need it?
An output descriptor is a text string that tells a wallet how the multisig script is built-its script type (P2SH, P2WSH, P2TR), derivation paths, and the list of public keys. Importing the descriptor into a compatible desktop wallet recreates the exact address set and enables signing with the right keys.
Can I recover a 3‑of‑5 wallet with only two keys?
No. The thresholdMmust be met. With a 3‑of‑5, you need any three of the five private keys (or their seed backups) plus the descriptor. Two keys are insufficient for a full spend.
Do hardware wallets need a firmware upgrade to support BIP129?
Most modern hardware (LedgerNanoSplus, TrezorModelT) already include BIP129 support. If you’re on an older model, check the vendor’s release notes and flash the latest firmware before attempting recovery.
Is it safe to store the descriptor in a cloud drive?
Only if you encrypt it with a strong password and enable two‑factor authentication on the cloud account. Treat the descriptor like a private key-exposure can let an attacker craft a spending transaction once they also getMkeys.
What should I do if I lose one seed but still have the descriptor?
You can still recover as long as you have the remainingM‑1seeds. Import those seeds and the descriptor into Sparrow, sign with the available keys, and broadcast. If you fall below the threshold, the funds are unrecoverable.
With the right backups, a clear descriptor, and a tested process, multisig wallet recovery is a safety net, not a nightmare. Keep this guide bookmarked, run the checklist yearly, and you’ll stay in control of your crypto even when hardware bites the dust.
