Build

Individuals

Community

DeFi

Build

Individuals

How to Secure your account with Native 2-of-3 Multisig

How to Secure your account with Native 2-of-3 Multisig

What Is Multisig and Why Should You Care?

WARNING: THIS IS AN ADVANCED USER LEVEL TUTORIAL. UPDATE YOUR KEYS AND PERMISSIONS AT YOUR OWN RISK. CONTACT SUPPORT FOR ASSISTANCE HERE.

If your entire crypto security hinges on one device, one password, or one phrase… you're one accident away from disaster.

Multisig; short for multi-signature — is a method of requiring multiple keys to authorize a single transaction. Instead of a single point of control (and failure), you distribute authority between multiple wallets or devices.

It’s like those classic bank vaults in spy movies: two security officers must turn their keys simultaneously to open the door. If one keyholder isn’t present, the vault stays shut.

Multisig brings this level of redundancy and safety to your onchain assets. Whether you're an individual safeguarding long-term holdings or a team managing shared resources, multisig is one of the most powerful tools in your crypto security stack.

Why XPR Network Gets It Right (and Others Don’t)

On most blockchains like Ethereum, multisig functionality isn’t built into the account system. Instead, users have to rely on external smart contracts like Gnosis Safe to simulate multisig behavior.

That means:

  • You’re depending on a third-party service to manage your funds

  • If the contract fails, gets hacked, or goes offline… you’re stuck

  • You’re paying gas fees every time you interact with it

XPR Network flips this on its head.
Every account is already a smart contract with configurable, onchain permissions, including multisig.

  • No third-party contract dependencies

  • No need to deploy or interact with a separate app

  • No gas fees

  • Just update your account’s permissions and you're good to go

Multisig is not an add-on… it's a core protocol-level feature, native to every XPR Network account.

What We’re Setting Up

We’re going to lock down an account called safemaster using a 2-of-3 multisig.

This means:

  • Three independent signer accounts:

    • mysafe1

    • mysafe2

    • mysafe3

  • Any two out of those three are required to approve actions from safemaster

This is the same multisig structure used by DAOs, custody services, and blockchain treasuries. Now, you’re setting it up in a few clicks… fully native, fully free.

Step-by-Step: Set Up Your 2-of-3 Multisig on XPR Network

Step 1: Create Signer Accounts with WebAuth.com

NOTE: You are welcome to use three existing accounts for this msig setup, but for this particular tutorial we are creating new accounts to keep it easy to understand.

Go to https://webauth.com and create three new accounts:

  • mysafe1

  • mysafe2

  • mysafe3

Pro tip: Use simple names so you remember their purpose as these are your safekeepers or signers.

During creation:

  • Write down each seed phrase and store them offline

  • Do NOT keep all three in one place - that literally defeats the purpose

  • Store each seed in a different secure location (safe, vault, safety deposit box, etc.)

  • Select YubiKey as the device type (see below)

Step 2: Add a YubiKey to Each Signer Account

To clarify, you do not need a YubiKey to complete this tutorial, you can use any three signer wallet accounts and authorize the transactions using any signing method you like including the WebAuth Wallet mobile app.

While creating each mysafeX account on WebAuth:

  1. Plug in your YubiKey

  2. Create a WebAuth.com account with that YubiKey

  3. Label the physical key with the account name (e.g., “mysafe1”)

  4. Attach it to a keyring and store it somewhere secure

Why YubiKey? It’s hardware-level security — phishing-resistant, portable, and ultra-secure.

Each signer account should be completely isolated, with its own device, its own key, and its own physical backup.

Step 3: Update Permissions on Your Main Account (safemaster)

Now that your signers are ready, it’s time to set up the multisig.

  1. Go to https://explorer.xprnetwork.org

  2. Sign in with your main account safemaster

  3. In top menu, click Wallet then in the left sidebar click Keys and Permissions

  4. Switch to the Advanced tab

  5. Find the active permission and click open the drop down and edit

  6. Set the Threshold to 2 (this means you need 2 of 3 signers to approve a transaction)

  7. Remove the existing Key by clicking the X (on the right)

  8. Click Add Account three times and add your signer accounts:

    • 1 mysafe1 active

    • 1 mysafe2 active

    • 1 mysafe3 active

    (Follow the screenshot guide below)

  9. Click Save and Approve

You’ve now configured your account to require any two of the three signers to authorize every action from safemaster

Step 4: Test Your Multisig Setup

Always test before relying on it.

  1. Log into the explorer with one signer (e.g., mysafe1)

  2. Go to the transfer tool by clicking on Wallet in the top menu bar

  3. Click the account drop down top right and make sure the multisig mode is enabled

  4. Choose the token and enter an amount to transfer then click Transfer, it will take you to msig mode

  5. Under Authorization, in the 'actor' field; enter the master account safemaster and for the 'permission' field; enter active

  6. Under Data, change the 'from' field to the master account safemaster

  7. Ensure the 'to' and 'quantity' fields are accurate

  8. Type a 'Proposal Name' or simply leave it as random

  9. Under Requested Approvals, press the green circle + button so that you have three fields (if these are automatically filled out, jump to step 11)

  10. Enter the three signers mysafe1 mysafe2 mysafe3, one in each Actor field and set the Permission to be active

  11. Click Propose button at the bottom of the page and authorize the transaction with your mysafe1 YubiKey.

  12. Below the Successful Transaction message, you will be given a link to your msig, click that.

  13. Click the account drop down top right and make sure the multisig mode is disabled

  14. As one of your signer accounts eg mysafe1, click on Approve and sign the transaction

  15. You will see that one of the Requested Approvals on your msig has been Approved

  16. Log into a second signer (e.g., mysafe2) and approve the transaction

  17. Once two approvals are in, you can click the Execute button and sign the transaction

  18. Transaction is complete and you can move on to Securing the Owner Permission (Final Step)

If the transaction only executes after two signers approve, your vault is working exactly as intended. Try it for yourself, try to Approve the msig with only one signer and click Execute… you will get an error message like "assertion failure with message: transaction authorization failed" in red text instead of the Transaction Successful message in green.

Securing the Owner Permission (Final Step)

Even after securing your active permission with multisig, your account is still vulnerable if someone has access to your owner seed phrase or private key. The owner permission can override everything… including your multisig.

On XPR Network each account has two permission levels. owner and active.

  1. active permission is like the user level permissions on an operating system

  2. owner permission is like the root level admin account on an operating system

Because owner permission is the parent of active permission, it can overwrite any child permissions. We must apply the same msig setup to the owner permission that we did to the active permission so that even if someone finds your seed phrase for this account they cannot complete any action unless 2-of-3 signers Approve the transaction.

To fully lock down your account, you should replace the single-key owner permission with the same 2-of-3 multisig structure.

Step 5a: Import Your Owner Key into Anchor Wallet

  1. Download Anchor Wallet (desktop or mobile): https://greymass.com/anchor

  2. Select "XPR Network" as the primary blockchain network

  3. Click on Manage Wallets, then Import Account(s) and Import an existing Account

  4. Click on Import Manually, enter Account Name eg safemaster and enter owner as the Permission Name

  5. Finally under Private Key paste your private key associated with your current owner key (from the original seed phrase, you will need to convert your seed phrase to a private key here)

If you created your account using WebAuth, your owner key is derived from your original 12-word seed phrase. So you should go to the explorer https://explorer.xprnetwork.org and click on Wallet, then Utitlites, then Format Keys and in the third field paste your Mnemonic (seed phrase) and click Format.

This is your private key, which has the same power as seed phrase so do NOT share it.

Step 5b: Use Anchor to Update the Owner Permission

Once you’re logged into Anchor with safemaster@owner, go to https://explorer.xprnetwork.org:

  1. Click the account dropdown (top right) and Add Account, choosing Anchor Wallet to connect to the explorer instead of WebAuth Wallet.

  2. Navigate to Wallet from the top menu again, then Keys and Permissions

  3. Click Advanced

  4. Edit the owner permission and set the Threshold to 2 just like we did for active permission earlier

  5. Remove the old key and add the same multisig accounts:

    • 1 mysafe1@active

    • 1 mysafe2@active

    • 1 mysafe3@active

  6. Click Save

  7. Authorize the transaction; Anchor will prompt you to sign with owner

Step 5c: Confirm the New Owner Multisig Is Active

Once the transaction is confirmed:

  • Visit your permissions page to verify the owner permission now uses accounts (not keys)

  • Test proposing a transaction from owner to confirm it requires 2 of 3 approvals

Only proceed once you've safely tested and confirmed the change. From this point forward, your owner key is obsolete and your account is fully secured by multisig.

Final Thoughts: Secure Like a Pro

Setting up multisig might feel like overkill - until the day you need it.

Whether you're guarding a personal vault or managing shared funds, native multisig on XPR Network gives you institution-grade protection with:

  • No third party contracts to trust

  • No fees to pay

  • No apps to maintain

  • Just built-in, battle-tested, onchain security

Take the time now to secure your account the right way. You’ll sleep better knowing that even if one device is lost, stolen, or compromised - your assets remain safe, untouched, and under your control.

Please Note: Use Anchor Wallet and Multisig wallet setup at your own risk. Neither XPR Network, its developers or validators are responsible for any actions taken by its users.

Coming Next

We’ll turn this guide into a hands-on video walkthrough.
Stay tuned.

The XPR Newsletter

Second To Layer None

The XPR Newsletter

Second To Layer None

The XPR Newsletter

Second To Layer None

Subscribe to our newsletter for the latest development updates, bounties, product launches + more.