TFTC logo/Bitcoin Products
Blog
Back to Blog
How to Set Up 2-of-3 Multisig with Bitcoin Keeper and Coldcard
·6 min read

How to Set Up 2-of-3 Multisig with Bitcoin Keeper and Coldcard

Step-by-step guide to creating a 2-of-3 multisig vault using Bitcoin Keeper and Coldcard hardware wallets for secure Bitcoin storage.

A 2-of-3 multisig setup means no single compromised device, stolen seed phrase, or forgotten password can drain your Bitcoin. You need two out of three keys to move funds, which eliminates the terrifying single point of failure that keeps self-custody users awake at night.

This guide walks through setting up a 2-of-3 multisig vault using Bitcoin Keeper as the coordination layer and Coldcard hardware wallets as two of your three signers. The result is an air-gapped security model where your keys never touch the internet.

What You'll Need

Before starting, gather:

  • Two Coldcard hardware wallets (Mk4 or Q models work well)
  • MicroSD cards for each Coldcard
  • A smartphone with Bitcoin Keeper installed
  • Paper or metal backup materials for seed phrases

Bitcoin Keeper serves as an open-source mobile vault that coordinates the multisig configuration and watches your addresses. The Coldcards hold two of your three keys in air-gapped cold storage. The third key can be a hot key within Keeper itself, or another hardware device if you prefer maximum security.

Step 1: Initialize Your Coldcard Devices

Start by setting up each Coldcard independently. Power on the first device, generate a new seed phrase, and write it down on paper or stamp it into metal. Repeat for the second Coldcard.

Each device should have a unique seed phrase. Never reuse seeds across devices, and store backups in separate physical locations. The entire point of multisig is geographic and device diversity.

Step 2: Export XPUBs from Each Coldcard

The extended public key (XPUB) allows Bitcoin Keeper to generate addresses and watch balances without having spending capability. On each Coldcard:

  1. Navigate to Settings > Multisig Wallets > Export XPUB
  2. Save the XPUB file to your microSD card
  3. Label the SD card clearly (e.g., "Coldcard A XPUB")

The Coldcard documentation recommends this air-gapped export method over USB connections for maximum security. You can also use QR codes if your Coldcard model supports them and you prefer that workflow.

Step 3: Create the Multisig Vault in Bitcoin Keeper

Open Bitcoin Keeper and navigate to the vault creation section. Select a custom multisig setup with M=2 and N=3 parameters.

You'll need to import the XPUBs from both Coldcards. If you exported to SD card, you can either:

  • Scan the XPUB data as a QR code from another device
  • Manually enter the XPUB strings (tedious but works)
  • Use an intermediary like Sparrow Wallet on a computer to transfer the data

For the third key, Bitcoin Keeper can generate a hot key within the app. This is convenient for signing routine transactions without touching your Coldcards. However, if you want all three keys in cold storage, you can import a third hardware wallet's XPUB instead.

Once all three XPUBs are entered, Keeper generates the wallet configuration file containing the multisig policy and derivation paths.

Step 4: Import the Configuration to Each Coldcard

For your Coldcards to sign transactions, they need to know about the multisig arrangement. Export the wallet configuration file from Keeper and save it to a microSD card.

On each Coldcard:

  1. Navigate to Settings > Multisig Wallets > Import from SD
  2. Select the configuration file
  3. Verify the details match what you set up in Keeper
  4. Confirm the import

Both Coldcards now recognize the multisig wallet and can sign PSBTs (Partially Signed Bitcoin Transactions) for it.

Step 5: Verify Addresses Match Across Devices

Before depositing any significant funds, confirm that all three devices show the same receiving addresses. Generate a receive address in Keeper, then check that each Coldcard can display and verify the same address.

If addresses don't match, something went wrong during setup. Do not proceed until you've identified and fixed the discrepancy.

Step 6: Test with a Small Transaction

Send a trivial amount of Bitcoin to your new multisig address. Then attempt to spend it, requiring signatures from two of your three keys.

The signing workflow:

  1. Create a transaction in Keeper
  2. Export the unsigned PSBT to SD card
  3. Insert the SD card into Coldcard A and sign
  4. Move the partially-signed PSBT to Coldcard B (or sign with Keeper's hot key)
  5. After two signatures, the transaction is complete
  6. Broadcast the fully-signed transaction

This air-gapped process using PSBT files via SD card keeps your Coldcard keys offline throughout the entire transaction.

Common Pitfalls to Avoid

Not testing recovery. Your backups are worthless if you can't actually restore the wallet. Practice recovering the multisig setup from seed phrases before depositing significant funds.

Storing backups together. If all three seed phrases are in the same location, a single disaster (fire, theft, flood) defeats the purpose of multisig.

Forgetting the configuration file. Seed phrases alone aren't enough to restore a multisig wallet. You need the wallet configuration file or at minimum the XPUBs and derivation paths of all cosigners. Keep encrypted copies in multiple locations.

Skipping firmware updates. Bitcoin Keeper's v2.0.1 update in February 2025 added Miniscript support for Coldcard, improving complex multisig compatibility. Keep your software and firmware current.

When Multisig Makes Sense

A 2-of-3 setup isn't for everyone. It adds complexity compared to a single hardware wallet, and that complexity can itself become a risk if you don't maintain proper documentation and backups.

This approach works well for long-term holders with meaningful amounts at stake, families wanting inheritance planning, or anyone who loses sleep over single points of failure. Bitcoin Keeper's built-in inheritance tools, including time-locked keys, can integrate with multisig for estate planning purposes.

For smaller holdings or users still learning self-custody fundamentals, a single Coldcard with a proper seed backup might be the smarter starting point. You can always upgrade to multisig later as your holdings and confidence grow.

Moving Forward

Once your 2-of-3 multisig is verified and tested, you have a Bitcoin storage solution that can survive the loss or compromise of any single key. One Coldcard gets stolen? You can still access funds with the remaining two keys. Keeper's hot key gets compromised through a phone hack? The attacker can't move coins without a Coldcard signature.

Document your setup thoroughly. Create a guide that explains where backups are stored, how to access them, and what steps are needed to recover or spend. Store this guide separately from the seed phrases themselves.

The goal isn't complexity for its own sake. It's removing the anxiety of wondering what happens if something goes wrong with a single key.