Skip to main content
T TON Adoption
RU
← Glossary
NODE/03 · Term

Multisig

Smart-contract wallet that requires several keys to sign a transaction under an M-of-N scheme. Common for DAOs, corporate treasuries, and hardened personal asset storage on TON.

Aliases: multi-signature, multi-sig wallet

Multisig (multi-signature wallet) is a wallet in which a transaction requires not one but several signatures at the same time. The configuration is described as M-of-N: the wallet has N total owners, and any M of them must sign in order to confirm an operation (for example, 2-of-3 or 3-of-5).

How it works on TON

On TON, multisig is not a protocol-level primitive but a smart contract. When you set up a multisig wallet, a contract is deployed on chain that hard-codes:

  • The list of signer addresses (N keys).
  • The threshold M — the minimum number of signatures required to execute an operation.
  • The lifetime of pending requests (after which an unconfirmed transaction expires).

A signer initiates an action (say, a jetton transfer). The contract stores it as a pending request. Other signers open their wallet, see the pending request, review the details, and add their signature. Once M confirmations are collected, the contract executes the transaction itself.

Reference multisig contracts in the TON ecosystem are open source, audited, and reused by both wallet apps and projects writing their own FunC/Tact integrations.

Use cases

  • DAOs and funds. A DAO treasury under multisig is industry standard. No single member can move funds unilaterally.
  • Corporate wallets. A startup team can hold its treasury on a 3-of-5 multisig with CEO, CTO, CFO, plus two backup keys on cold media.
  • Joint family or partnership assets. Spouses, business partners — any situation that demands shared control.
  • Hardened personal security. A user splits three keys across phone, laptop, and a hardware wallet. Compromising one device is not enough — the attacker needs at least two.
  • Tonkeeper Multisig — a built-in Tonkeeper module for creating and managing multisigs. Supports inviting co-signers, listing pending requests, and push notifications on new approvals needed.
  • Open-source multisig contracts — reference implementations in the TON SDK repository, used as a base by integrators.
  • Enterprise solutions such as TonAccess provide custom multisigs with bespoke policy logic for institutional clients.

Trade-offs

  • Gas is higher. Every signature is a separate message into the network. A 2-of-3 multisig transfer costs noticeably more gas than a plain wallet send.
  • UX is slower. You cannot press “send” and walk away. You have to wait for the other signers, which can take hours or days in a distributed team.
  • Recovery is harder. Lose more than N-M keys at once and the wallet becomes unmanageable. That is why teams keep buffer keys on hardware media.
  • Hardware support is limited. Most hardware wallets (Ledger) do not natively understand TON multisig — they are typically used as signers via the Tonkeeper desktop client acting as a bridge.

Multisig is the foundation of serious on-chain treasury operations and the only practical way to split control over assets among multiple parties without relying on an intermediary.

Related terms