Multisig Wallets on TON: Choose & Set Up 2026
What a multisig wallet is, which TON solutions support it, and how to set up an M-of-N wallet step by step: key distribution, recovery, fees, and real use…
- Author
- TON Adoption Team · research desk
- Published
Contents16sections
- What multisig is and why it matters on TON
- Which solutions support multisig
- TON’s native multisig contract
- Wallets that can sign
- Community web tools
- Step-by-step M-of-N setup
- Step 1. Prepare N independent keys
- Step 2. Pick the M-of-N scheme
- Step 3. Deploy the contract
- Step 4. Fund the contract for gas
- Step 5. Run a test transfer
- Key distribution: where people usually slip
- Recovery and lost keys
- Fees and when multisig is overkill
- Typical use cases
- Bottom line
A multisig (multi-signature) wallet is one where sending a transaction needs signatures from several keys, not just one. On TON these wallets are used for family reserves, small-team treasuries, and simply to protect a large personal balance. This guide is practical: which solutions support multisig on TON in 2026, and how to stand up an M-of-N wallet step by step.
What multisig is and why it matters on TON
A regular wallet rests on a single seed. Steal it and the funds are gone. Lose it and access is gone. Multisig breaks that single point of failure: instead of one key there is a set of N keys, and executing a transaction requires collecting M signatures.
It is written as M-of-N:
- 2-of-3 — any two of three signatures. The most popular scheme: survives the loss of one key and the compromise of one key.
- 3-of-5 — for a team where a transfer should reflect a majority decision.
- 1-of-N — technically possible but nearly pointless: any single key can move the funds alone.
On TON, multisig is not a “wallet setting” — it is a separate smart contract. You deploy the contract, write the participants’ addresses and the M parameter into it, and from then on every transaction goes through an approval round. That is a key difference from seed-based wallets: a multisig contract has no single seed phrase that can be lost in one shot.
Which solutions support multisig
As of 2026 there are several paths in the TON ecosystem. Exact feature names and availability change between versions — below is the general map; confirm the details in your current app.
TON’s native multisig contract
TON has a standard multisig contract supported at the ecosystem level. It is the base building block that wallets and web tools sit on top of. The advantage is transparency: the logic is open and identical no matter which interface you use to operate it.
Wallets that can sign
- Tonkeeper — as of 2026 it can create a multisig and act as a signer. Convenient when participants already use Tonkeeper.
- MyTonWallet — supports working with multisig contracts as one of the signers. Verify the feature set in the current release.
We compared the base wallets in our roundup of the best TON wallets 2026 — multisig is a layer on top of choosing the base app.
Community web tools
There are dedicated dashboards that let you deploy a multisig contract, add signers, draft transfer requests, and collect approvals in one interface. They are handy for a team treasury because they show the “how many of the required signatures are collected” status. Before using a third-party tool, always confirm it works with the open standard contract rather than a proprietary scheme.
Step-by-step M-of-N setup
Below is a generic order of operations. The exact buttons depend on the tool you pick, but the logic is the same everywhere.
Step 1. Prepare N independent keys
Each signer is a separate TON address with its own seed. Create them in advance and on different devices / with different people. If all keys live on one phone, multisig protects against nothing — stealing the device cracks everything at once.
For the cold backup key in a 2-of-3 scheme, a hardware wallet is a good fit — see our guide to connecting Ledger to a TON wallet.
Step 2. Pick the M-of-N scheme
- Personal reserve: 2-of-3 (phone + laptop/second phone + cold backup).
- Family: 2-of-3, with the third key stored separately for emergencies.
- Team of 3–5: 2-of-3 or 3-of-5 depending on how critical transfers are.
The basic math: the higher M, the safer, but the easier it is to lock the funds if keys are lost. The slack of N minus M is how many keys you can lose and still keep access.
Step 3. Deploy the contract
In your chosen tool, create the multisig contract: enter the addresses of all N signers and the M parameter (the approval threshold). After confirmation, the contract gets its own address — that is where you send funds, and that is what appears in the explorer.
Step 4. Fund the contract for gas
The contract must hold a small TON balance to pay gas for executing transactions. Send a token amount on top of what you plan to store — otherwise the very first request will fail for lack of fee funds.
Step 5. Run a test transfer
Before parking a large balance, run the full cycle on a tiny amount:
- One signer drafts a transfer request.
- The others open it in their wallets and approve.
- Once M signatures are collected, the transaction executes automatically.
Make sure every participant can find and sign a request. This is a rehearsal best done calmly, not in the middle of an urgent transfer.
Key distribution: where people usually slip
A multisig is only as good as the independence of its keys. Common failures:
- All keys with one person. Then it is not a multisig, just an expensive regular wallet.
- All seed phrases in one cloud. One account breach and the threshold is bypassed. On doing it right, see secure seed phrase storage practices.
- No geographic separation. For families and teams, keep at least one key physically elsewhere.
A healthy 2-of-3 layout: a hot key on your work device, a second on a trusted person’s separate phone, and a third as a cold backup in a safe.
Recovery and lost keys
The biggest upside of multisig comes with a new responsibility. Scenarios:
- One key lost (2-of-3). Funds are safe: the remaining two are enough to sign. But your slack is gone — rotate the set: move funds to a fresh contract with the lost key replaced.
- One key compromised. An attacker alone can do nothing, but don’t wait: evacuate funds to a new contract before they socially engineer a second signature.
- M keys lost at once. This is the lockout scenario. That is exactly why you shouldn’t inflate M needlessly, and why the backup key must be genuinely separate.
The general principle for recovering seed wallets is covered in our complete TON wallet recovery guide — for a multisig it applies to each signer key individually.
Fees and when multisig is overkill
Each approval is a separate on-chain operation, so collecting M signatures costs more than a single transfer. The contract also holds a gas balance. Practical takeaways:
- For rare large transfers (treasury, reserve) the overhead is negligible and the security is worth it.
- For frequent micro-payments, multisig is awkward: the delay of collecting signatures and the fees eat the point. Keep an operating float in a regular wallet and the main balance in the multisig.
Typical use cases
- Personal cold reserve. 2-of-3 with one hardware key — a large balance stays safe even if your phone is stolen.
- Family wallet. Spouses plus a cold backup: no single person moves funds alone, but if one loses access the others are not locked out.
- Small-team treasury. 3-of-5 protects against a single insider and against losing one device. We cover the theory of team security in more depth in our piece on multisig for teams.
Bottom line
Multisig on TON is not a setting but a separate contract that you deploy, populate with signers, and fund for gas. Start with 2-of-3, spread the keys across different devices and people, run a test transfer, and keep your main balance in the multisig with an operating float in a regular wallet. That buys you the one thing that matters: a single lost key no longer equals lost funds.
Frequently asked
How is a multisig wallet different from a regular one?
Which M-of-N scheme should I choose?
Does Tonkeeper support multisig?
What about fees in a multisig?
Related
- WalletsJan 5, 2026
Multi-sig on TON 2026: security for corporate funds
How TON multi-sig works, what multisig-contract-v2 is, what interfaces exist for deployment and signing, typical configurations for teams and DAOs.
- WalletsMay 16, 2026
Wallet V5: what's new and should you migrate
TON Wallet V5 contract explained: extensions, gasless transactions, batch transfers, security trade-offs and a step-by-step migration plan from V4 in 2026.
- SecurityMar 1, 2026
Secure seed phrase storage: 2026 practices
How to write down, split and store a TON wallet seed phrase in 2026 — paper, metal, hardware wallets, and Shamir Backup schemes in practice.
- WalletsApr 7, 2026
How to connect Ledger to a TON wallet: guide 2026
Step-by-step setup for Ledger Nano S Plus and Nano X with Tonkeeper and MyTonWallet. Installing the TON app, importing the account, common errors and fixes.
- WalletsFeb 13, 2026
Best TON wallets in 2026: tested picks by use case
TON wallet showdown 2026: Tonkeeper, MyTonWallet, Wallet, Tonhub, Bitget. Security, Ledger, DeFi access, RU/EU rules. Which one wins for your use case.