How to move permanent residences with bitcoin in 2-of-3 multisig

First published: 12/23/2022
| Last updated: 01/18/2023
| -- min read

Bitcoin allows a new degree of control over your wealth via private key ownership, and while you do need to physically store private key material, the nature of private keys as information makes “moving bitcoin” different from moving physical goods like gold or jewelry. Moving house with bitcoin is not physically moving the bitcoin (bitcoin lives on the blockchain). It’s ensuring your bitcoin keys are accessible and securely stored before the move, and ensuring those same keys are still accessible and securely stored after the move.

Here, we’ll cover how to move house—change permanent residences—while having your bitcoin secured in 2-of-3 multisig.

What you need to accomplish

Before we jump into the specifics, let’s take a high-level look at what you need to accomplish in this process. For the purposes of this article, we’ll assume you use 2-of-3 multisig and that you’re moving from a single primary residence to another. More complicated situations are outside the scope of this guide, and if you’re holding bitcoin in a singlesig wallet, this guide isn’t for you.

In most 2-of-3 multisig scenarios for securing bitcoin savings, your keys are ideally already distributed across multiple geographic locations, so moving will mean relocating one or more key items: seed phrases or hardware wallets. You might need to relocate items in a couple of different situations:

  • You need to relocate the private key items you have stored at your primary residence and move them to your new primary residence.
  • You may need to move bitcoin private key items that become less physically accessible as a result of your move. This is because security also involves the availability of access to funds. For instance, you may need to move a seed phrase stored in one bank branch to another to ensure it remains accessible.

Regardless of your specific circumstances, the goal of this guide is to help you ensure you have proper security in place before the move,  identify which items need to be physically relocated, and understand how to physically move them such that you don’t introduce single points of failure and put your bitcoin in jeopardy in the process.

How to move permanent residences with multisig bitcoin

1. Establish the current health of your key storage

Securely traveling with private key items is much more difficult if you don’t have good operational security best practices in the first place. Establishing proper opsec for your keys before you need to move can ensure your bitcoin are secure while you figure out a plan. The last thing you need while your life is going through a major change is to be worrying about movers, realtors, prospective buyers, or family compromising your bitcoin while in your home or handling your belongings.

In general, proper opsec for 2-of-3 multisig means geographically distributed keys stored in secure locations. For example, in a 2-of-3 multisig collaborative custody situation, you should already have 4 private key items geographically distributed and a multisig config file backed up in a password manager. The same principles outlined in our opsec guide for Unchained clients—geographically separating seed phrases and hardware wallets—apply whether or not you have a collaborative custody partner.

An example of keys distributed in 2-of-3 collaborative custody multisig.

Ensuring proper security first ensures that your bitcoin will not be vulnerable while non-trusted people are handling your private property or visiting your home. You may have gotten by with items co-located and insecure up to this point in your multisig journey, but the lengthy and exposing process of a move is a key event that could introduce higher risk for your bitcoin to be compromised!

2. Identify which private key items need to be moved

Next, you need to identify which private key items (either bitcoin hardware wallets or seed phrases) for your multisig setup need to be moved. Which items you need to move will be dependent on your existing security setup, but there are some overarching principles that you can use to help decipher this.

For instance, if you’re just moving across town, you might only need to move the item you store at home—not the items you store in a safe deposit box, with a trusted family member, or at a local bank. Conversely, if you’re moving internationally, it’s likely you’ll need to physically move most if not all the private key items in your self-custody setup. You may need to move the items you store at home as well as three or more items stored in other secure locations.

For most people using 2-of-3 multisig, moving house will—at a minimum—involve moving the private key item(s) located at their primary residence (one or more seed phrases or hardware wallets), so let’s start there and work our way to the most complicated situations.

If possible, move a single private key item securely

If your private key items are well distributed geographically (our recommendations have a maximum security model with just one seed phrase or hardware wallet secured at your primary residence), you can safely travel with one private key item on your person.

Assuming a 2-of-3 multisig setup with the other items properly secured and geographically distributed, there is no situation where traveling with a single seed phrase or hardware wallet can lead to compromised funds whether either by user error or malicious attack.

In 2-of-3 multisig, you can travel with one item in your personal belongings.

While traveling, you should ensure the seed phrase or hardware wallet is kept on your person or with your personal belongings for the entirety of the trip, and—especially if it is a seed phrase, which is the unencrypted key data—ensure it has not been tampered with.

Once you arrive at your destination, secure it at your new primary residence as you did previously. If you don’t need to relocate other private key items, you can move to the next step. If your move requires moving more than one item, keep reading.

Securely move multiple private key items separately

If you need to move multiple private key items, avoid moving items (hardware wallets or seed phrases) for two of three keys at the same time. Doing so exposes you to unnecessary risk while traveling.

If someone knew you were traveling with two of three keys, they could attempt to steal your funds by compromising both keys and your multisig configuration information. Additionally, if you don’t have proper redundancy for your keys (we recommend always physically storing seed phrase backups), traveling with items for two of three keys could also cause you to lose items such that you permanently lose your funds.

Avoid traveling with 2 keys in your physical possession at once.

Because of these risks, you should attempt to keep private key items that control different keys to a multisig wallet isolated from one another during your move. You could do this in multiple ways:

  • You could take multiple trips, each time carrying only one item on your person. This would arguably be the most secure approach as you can ensure private key items remain non-compromised at all times.
  • You could mail one item to your destination and travel with another item on your person. This has trade-offs and you should consider using a tamper-evident bag so that you know to conduct a key replacement if the key was compromised in transit. You may wish to conduct a key replacement once you arrive at your destination either way (see below).
  • You could have a trusted family member or friend travel with one item while you travel with the other.

Consider an example where you need to move a seed phrase for Key A currently stored at your home and a hardware wallet for Key B stored in a safe deposit box. You may choose to travel with your seed phrase for Key A on your person and choose to mail the hardware wallet for Key B to your destination. When you arrive, you can reestablish security for both items stored in separate locations.

If unsure, consider spending to a new multisig wallet established at the new location

If you need to move too many items or your items are prohibitively distributed such that moving them would be too expensive or time-consuming, you may choose to create an entirely new wallet and operational security setup, with new hardware wallets, and spend your bitcoin to the multisig wallet that those new keys control.

Before we get into the details, know that there are trade-offs for this approach: Transaction fees aren’t zero, you’ll be broadcasting a transaction publicly which has privacy implications, there’s always a non-zero risk when moving lots of bitcoin (be careful!), you’ll need to update and replace your wallet config file, and you must update any whitelisted addresses you have with exchanges.

If you decide this is the right approach for your situation, you first need to set up the new multisig wallet with proper operational security at your destination. You can create a new multisig setup using wallet software like Sparrow or Electrum or create a new vault in the Unchained platform. You need to initialize multiple hardware wallets, back up their seed phrases, construct a multisig address to use in the next step, securely store all private key items, and ensure you have a copy of your wallet config file stored digitally.

Then, you need to coordinate spending the funds from the old multisig wallet to the new one. There are many ways you can go about this:

  • You can sovereignly author a transaction that would require you to travel to the physical location of one or more of the old items, signing one at a time. Ideally, you should avoid co-locating items for two keys at any given time; tools with built-in support for bitcoin’s PSBT standard, such as the Unchained platform and most popular multisig wallet software, allow you to do this easily.
  • If you have a collaborative custody partner holding a minority of keys, you can travel with one key on your person while leaving all other private key items in their secure locations (i.e. three items in family member safes or safe deposit boxes in different locations). When you arrive at your destination, you can instruct your collaborative custody partner to countersign a transaction moving funds.

Once you have decided how you will go about collecting the necessary signatures (two in a 2-of-3 multisig), you should perform a test transaction sending bitcoin to the address controlled by your new multisig wallet. Ensure you have the ability to spend this bitcoin yourself before sending the full amount from your old wallet to the new one.

Sending bitcoin to this newly-created vault will render all previously-secured private key items useless and your funds will now be controlled by the new keys. You can safely cancel safe deposit boxes or instruct family members to dispose of private key items.

3. Ensure proper security of your new setup

Congratulations! Whether you’ve relocated by safely traveling with one private key item, relocated multiple private key items without co-locating them, or simply decided to start afresh and move all your bitcoin to a brand new multisig wallet with newly-secured items, you should now have your bitcoin controlled by keys that are reasonably accessible from your new permanent residence.

The final step is to ensure that your new multisig cold storage setup is secure. We recommend reading our operational security best practices guide for general principles that apply whether or not you use collaborative custody multisig. You should geographically distribute your hardware wallets and seed phrases, and properly back up your multisig configuration file.

If something goes wrong: Conducting a key replacement

If at any point during your move a private key item was lost or compromised, you should immediately begin considering the necessary steps for a key replacement. We previously published an extensive guide to help you determine if a key replacement is necessary and offer some pointers to conduct one to reestablish proper security.

How a key replacement works in 2-of-3 multisig.

Note that when you conduct a key replacement, you’ll be broadcasting a transaction publicly which can have privacy implications, you’ll need to update and replace your wallet config file, and you must update any whitelisted addresses you have with exchanges.

More multisig security best practices

Moving house with your bitcoin in multisig requires many considerations, but they’re just the beginning of things you need to take into account when you take control of your bitcoin keys. For instance, you should also consider seed phrase storage best practices, paper vs. metal seed phrase backups, proper security of your wallet config information, and UTXO management and its implications for privacy. You should also consider how you might pass your bitcoin on in the event of your demise. If you’re thinking of doing this by yourself, begin by understanding what’s legally required, or consider getting help from the experts.

Sign up to get notified for future blog articles.