
Set Up a 2-of-3 Multisig with Sparrow Wallet

Learn how to build a 2-of-3 multisig Bitcoin vault using Sparrow Wallet and three hardware signers — the gold standard for serious self-custody in Australia.

Self-Custody advanced 60 min read #multisig #sparrow #self-custody

Multisig is not for everyone. If you’re just starting out, a single hardware wallet with a properly backed-up seed phrase is dramatically better than leaving bitcoin on an exchange — and multisig is overkill until your holdings warrant the complexity. Read Hardware Wallet Setup and Self-Custody Basics first.

Still here? Good. A 2-of-3 multisig vault is the setup serious bitcoiners reach for when a single point of failure is no longer acceptable. One device stolen, lost, or destroyed? Your coins are safe. One seed plate floods? Still safe. One manufacturer gets hacked? Safe. Any two of your three keys can move funds — and all three would be required for an attacker to take everything.

By the end of this guide you’ll have a live 2-of-3 multisig vault in Sparrow Wallet, three independently backed-up seeds on metal, a saved output descriptor (the most critical file you’ll ever create), and the confidence to run your first signing ceremony. Budget an uninterrupted hour in a private space.

What you’ll need

  • Three hardware wallets from different manufacturers — e.g. Coldcard Mk4, BitBox02 Bitcoin-only, and SeedSigner
  • Three metal seed backup plates — one per device
  • Sparrow Wallet installed on a dedicated computer (download from sparrowwallet.com)
  • MicroSD cards — one per airgapped device (Coldcard requires this; SeedSigner uses QR)
  • A pen, labels, and access to at least two secure offsite locations

Step 1 — Understand what you’re building (read this)

A 2-of-3 multisig vault has three components working together:

  1. Three independent signers — each holds one private key (seed). They never see each other’s seeds.
  2. Three extended public keys (xpubs) — Sparrow combines these to derive your vault’s addresses. No funds are at risk from sharing xpubs.
  3. The output descriptor — a single file that encodes all three xpubs and the 2-of-3 quorum rule. This file is your vault’s DNA. Without it, your seeds alone cannot reconstruct which addresses belong to you. Coins would be permanently unrecoverable.

Warning: Multisig recovery requires both enough seeds (any 2-of-3) and the output descriptor. Back up the descriptor in at least two geographically separate locations. This is non-negotiable.

Step 2 — Initialise all three hardware wallets

Before touching Sparrow, fully set up each hardware device independently:

  1. Coldcard: Follow Coldcard’s official setup to generate a seed, verify the words on the device screen, and stamp them onto your first metal plate. Do not skip the PIN anti-phishing words check.
  2. BitBox02: Use the BitBox App to initialise, back up your seed to the second metal plate. Verify with the BitBox02’s touch screen.
  3. SeedSigner: Generate entropy on the device (dice rolls preferred — at least 50 rolls for 256-bit entropy), note the 12 or 24 words, stamp onto your third metal plate.

Each device must have its seed recorded on metal before you export any xpubs. If a device dies during setup, you can restore from the metal plate and re-export.

Tip: Label each metal plate clearly — “Signer A — Coldcard”, “Signer B — BitBox02”, “Signer C — SeedSigner”. Label each hardware device to match.

Step 3 — Export the xpub from each device

You need each device’s extended public key (xpub) at the m/48'/0'/0'/2' derivation path — the standard for native SegWit multisig (P2WSH).

Coldcard (microSD export):

  1. Insert the microSD card into Coldcard.
  2. Navigate to Advanced > MicroSD Card > Export Wallet > Generic JSON.
  3. Enter account 0 when prompted.
  4. The device writes coldcard-export.json to the SD card. Eject and keep.

BitBox02:

  1. Connect via USB to the BitBox App.
  2. In the BitBox App, go to the multisig section and export the xpub for the m/48'/0'/0'/2' path, or use Sparrow’s direct import (see Step 4 — Sparrow will request it live over USB).

SeedSigner:

  1. On SeedSigner, load your seed.
  2. Navigate to Scan > Sign with SeedSigner — or use Export Xpub from the seed tools menu.
  3. Select Native Segwit Multisig (m/48'/0'/0'/2').
  4. SeedSigner displays an animated QR code — you’ll scan this in Sparrow.

Step 4 — Create the multisig wallet in Sparrow

  1. Open Sparrow. Go to File > New Wallet.
  2. Name it something memorable — e.g. Vault-2of3.
  3. In the Policy Type dropdown, select Multi Signature.
  4. Set the M (required signers) to 2 and N (total signers) to 3. You’ll see three keystore tabs appear.
  5. Leave the Script Type as Native Segwit (P2WSH) — this is the most widely supported and lowest-fee multisig script type.

Now add each signer in turn. Click keystore tab “1”:

  • Coldcard → Click Airgapped Hardware Wallet > Coldcard > Import File…, select coldcard-export.json from the SD card.
  • After import, verify the Master Fingerprint shown in Sparrow matches what Coldcard displays under Advanced > View Identity.

Click keystore tab “2”:

  • BitBox02 → Click Connected Hardware Wallet, plug in the BitBox02, click Scan…. Sparrow will detect the device and pull the xpub directly.

Click keystore tab “3”:

  • SeedSigner → Click Airgapped Hardware Wallet > SeedSigner > Scan…, then hold SeedSigner’s animated QR up to your webcam until Sparrow reads all frames.

Once all three keystores show a green fingerprint, click Apply. Set a wallet file password when prompted — this encrypts the .sparrow file on disk.

Tip: After clicking Apply, Sparrow will show your wallet’s first receive address. Don’t send anything yet — first save the descriptor.

Step 5 — Save the output descriptor immediately

This is the single most important step in the entire guide.

  1. In Sparrow, go to Settings > Export (or File > Export Wallet).
  2. Export the wallet descriptor as a file — typically a .json export. Sparrow also lets you display it as a QR code for airgapped backup.
  3. Save this file in at least two places:
    • One copy on an encrypted USB drive stored at Location A (e.g. home safe)
    • One copy on a separate encrypted USB drive stored at Location B (e.g. safe deposit box or trusted family)
  4. Optionally print it and store alongside your descriptor USBs — the descriptor is text and can be re-imported from paper if needed.

Warning: Do NOT store the descriptor with any individual seed plate. If an attacker finds “Signer A’s seed + the descriptor”, they only need one more seed to steal your funds. Keep descriptor copies and seed plates in separate locations.

The descriptor looks like this (abbreviated):

wsh(sortedmulti(2,
  [a1b2c3d4/48'/0'/0'/2']xpub6...Coldcard.../0/*,
  [e5f6a7b8/48'/0'/0'/2']xpub6...BitBox02.../0/*,
  [c9d0e1f2/48'/0'/0'/2']xpub6...SeedSigner.../0/*
))

That string — plus any two seeds — is everything needed to recover your vault.
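An added example, not part of Sparrow or of the original guide: a Python check that a saved descriptor backup has the structure shown above and carries the master fingerprints you noted per device. The sample descriptor is constructed, with placeholder strings where real xpubs would be, and `parse_descriptor` and `audit` are illustrative names.

```python
import re

# Constructed sample in the guide's abbreviated form: the xpub bodies are
# placeholders, not real keys, so only the structure is checked here.
SAMPLE = """wsh(sortedmulti(2,
  [a1b2c3d4/48'/0'/0'/2']xpub6ColdcardPLACEHOLDER/0/*,
  [e5f6a7b8/48'/0'/0'/2']xpub6BitBoxPLACEHOLDER/0/*,
  [c9d0e1f2/48'/0'/0'/2']xpub6SeedSignerPLACEHOLDER/0/*
))"""

KEY_RE = re.compile(r"\[([0-9a-fA-F]{8})((?:/\d+['hH]?)+)\]([A-Za-z0-9]+)(/[0-9*/<>;'h]+)?$")

def parse_descriptor(text):
    """Return (threshold, [(fingerprint, origin_path, key), ...]) for wsh(sortedmulti(...))."""
    body = "".join(text.split()).split("#")[0]  # drop whitespace and any #checksum suffix
    m = re.fullmatch(r"wsh\(sortedmulti\((\d+),(.+)\)\)", body)
    if not m:
        raise ValueError("not a wsh(sortedmulti(...)) descriptor")
    keys = []
    for item in m.group(2).split(","):
        k = KEY_RE.match(item)
        if not k:
            raise ValueError(f"unparseable key expression: {item[:24]}")
        path = k.group(2).replace("h", "'").replace("H", "'")  # accept 48h as 48'
        keys.append((k.group(1).lower(), "m" + path, k.group(3)))
    return int(m.group(1)), keys

def audit(text, recorded_fingerprints, path="m/48'/0'/0'/2'"):
    """List every way the backup differs from the vault this guide builds."""
    threshold, keys = parse_descriptor(text)
    problems = []
    if (threshold, len(keys)) != (2, 3):
        problems.append(f"quorum is {threshold}-of-{len(keys)}, expected 2-of-3")
    found = [fp for fp, _, _ in keys]
    if len(set(found)) != len(found):
        problems.append("a master fingerprint appears more than once")
    for fp, origin, _ in keys:
        if origin != path:
            problems.append(f"{fp}: origin {origin}, expected {path}")
    expected = {f.lower() for f in recorded_fingerprints}
    for fp in sorted(expected ^ set(found)):
        problems.append(f"{fp}: present in only one of descriptor and recorded list")
    return problems
```

An empty list from `audit` means the file parses as a 2-of-3 `wsh(sortedmulti(...))` at the expected derivation path with exactly the recorded fingerprints; it does not validate the xpubs themselves.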

Step 6 — Verify your backup plan before receiving a single satoshi

Map out your geographic distribution before funding anything. A solid 2-of-3 layout looks like:

Location | Contents
Home safe | Signer A device + Signer A seed plate + Descriptor copy 1
Offsite (safe deposit box) | Signer B device + Signer B seed plate + Descriptor copy 2
Second offsite (trusted family) | Signer C device + Signer C seed plate

Tip: You don’t need all three devices accessible day-to-day. Store two offsite and keep one at home for routine signing — as long as you can retrieve any second device within a reasonable timeframe for larger moves.

Confirm your backup matrix:

  • All three seed plates verified (words readable, no errors)
  • Output descriptor saved in two separate locations
  • Master fingerprints noted per device and stored with the descriptor
  • You can locate any two of the three devices independently
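An added example, not from the original guide: a Python check that runs a storage layout through every loss and theft scenario. It uses the guide's rule that recovery needs any two seeds plus the descriptor, and it flags locations where a descriptor copy sits with a seed plate, the condition the Step 5 warning describes. `LAYOUT` transcribes the table above; the function names are illustrative.

```python
from itertools import combinations

# The layout from the table above, transcribed as data (seed plates and
# descriptor copies only; each device holds the same key as its plate).
LAYOUT = {
    "Home safe": {"seed A", "descriptor"},
    "Offsite (safe deposit box)": {"seed B", "descriptor"},
    "Second offsite (trusted family)": {"seed C"},
}

def can_recover(items, quorum=2):
    """True if this set of items is enough to rebuild and spend from the vault."""
    seeds = {i for i in items if i.startswith("seed ")}
    return len(seeds) >= quorum and "descriptor" in items

def holdings(layout, locations):
    """Everything stored across the given locations."""
    return set().union(*(layout[name] for name in locations))

def analyse(layout, quorum=2):
    report = {"loss_tolerated": [], "loss_fatal": [],
              "theft_spendable": [], "seed_with_descriptor": []}
    names = sorted(layout)
    for n in range(1, len(names)):
        for lost in combinations(names, n):
            left = [name for name in names if name not in lost]
            # Loss: are the surviving locations still enough for the owner?
            ok = can_recover(holdings(layout, left), quorum)
            report["loss_tolerated" if ok else "loss_fatal"].append(lost)
            # Theft: are the compromised locations enough for someone else?
            if can_recover(holdings(layout, lost), quorum):
                report["theft_spendable"].append(lost)
    for name in names:
        if "descriptor" in layout[name] and any(i.startswith("seed ") for i in layout[name]):
            report["seed_with_descriptor"].append(name)
    return report
```

On the table's layout, `analyse(LAYOUT)` reports every single-location loss as recoverable and every two-location loss as fatal, and lists the home safe and the safe deposit box under `seed_with_descriptor`.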

Step 7 — Receive your first test transaction

  1. In Sparrow, click Receive in the left-hand sidebar.
  2. Verify the address format starts with bc1q (native SegWit P2WSH addresses start with bc1).
  3. Send a small test amount — $10–$20 AUD worth of bitcoin is enough.
  4. Wait for at least one confirmation (roughly 10 minutes on average; ~100 minutes if fees are low and mempool is busy).
  5. Confirm the transaction appears in Sparrow’s Transactions tab with the correct amount.

Your vault is now funded. Do not send more until you’ve completed a test spend (Step 8).

Step 8 — Run your first signing ceremony (test spend)

Send the small test amount back to an exchange or another wallet you control. This proves the full signing flow works before you rely on it for serious holdings.

  1. In Sparrow, click Send.
  2. Enter a destination address, label it "Test spend — signing ceremony", set an appropriate fee.
  3. Click Create Transaction, then Finalise Transaction for Signing.

Now sign with Device 1 (e.g. Coldcard):

  1. Click Sign next to the Coldcard keystore entry.
  2. Select Save Transaction to export the PSBT (Partially Signed Bitcoin Transaction) to microSD.
  3. Insert the microSD into Coldcard. Navigate to Ready to Sign and approve the transaction details on the Coldcard screen. Coldcard writes the signed PSBT back to SD.
  4. In Sparrow, click Load Transaction and import the Coldcard-signed PSBT.

Sign with Device 2 (e.g. BitBox02):

  1. Click Sign next to the BitBox02 keystore. With USB connected, Sparrow pushes the PSBT to the BitBox02 App — approve on the device screen.

  2. Sparrow now shows 2 of 2 required signatures (or similar). The transaction is fully signed.

  3. Click Broadcast Transaction. Sparrow submits it to the network.

  4. Confirm the transaction appears confirmed in both Sparrow and a block explorer (e.g. mempool.space).

Tip: SeedSigner signing uses animated QR codes — Sparrow displays a QR of the PSBT, SeedSigner scans it, signs it, and displays a return QR that Sparrow scans back. No wires, no SD card required.

Step 9 — Label everything and document your setup

Before you walk away:

  1. In Sparrow, label every UTXO and address you create. This saves confusion during future signing ceremonies.
  2. Write a one-page recovery document (not digital — physical, stored with each descriptor copy) that covers:
    • Wallet name and quorum: 2-of-3 multisig, native SegWit
    • Device names, brands, and master fingerprints
    • Location of each seed plate
    • Location of each descriptor copy
    • Where to download Sparrow Wallet
    • Instructions: “Any two seeds + the descriptor file = full recovery”
  3. Store one copy of the recovery document at each descriptor location.

Step 10 — Periodic health checks

Multisig is not set-and-forget. Schedule an annual review:

  • Power on each hardware device and verify it still boots and recognises its seed.
  • Confirm you can locate all three seed plates and both descriptor copies.
  • Open Sparrow and verify the wallet loads correctly.
  • Check whether any firmware updates are available for your devices (review release notes for security fixes).
  • If a device has reached end-of-life or been discontinued, replace it — generate a new seed on a fresh device, rebuild the multisig with the new xpub, migrate funds, and re-backup.

Troubleshooting

Sparrow shows “Keystore fingerprint mismatch” after import

The exported JSON does not match the currently loaded seed on the device. Re-export the xpub from the device and re-import in Sparrow. Check the device screen for the correct master fingerprint under identity settings.

Transaction shows “0 of 2 signatures” after device signing

The PSBT was not saved correctly back from the device. On Coldcard, ensure you navigated to Ready to Sign and saw “Signed” confirmation before ejecting the SD card. Re-sign from the saved PSBT in Sparrow.

SeedSigner QR scan fails in Sparrow

Ensure your webcam has adequate lighting. Increase screen brightness on SeedSigner. Keep the device still and within 15–30 cm of the webcam. Try reducing ambient glare on the SeedSigner screen.

“Can’t find my wallet” after reinstalling Sparrow

Sparrow stores wallet files locally. Copy the .sparrow file from your backup (or recreate the wallet from the descriptor: File > Import Wallet). If you encrypted the wallet file, you’ll need the file password.

BitBox02 not detected in Sparrow

Ensure the BitBox02 App is not already open — it holds an exclusive USB lock. Close the BitBox App and retry in Sparrow. On Linux, you may need to install udev rules per the BitBox02 documentation.


Frequently Asked Questions

What happens if I lose one of my three hardware wallets?

Nothing — that's the point. With a 2-of-3 setup you need any two devices to sign. You can recover your remaining two devices, reconstruct the lost signer from its seed backup, and bring the vault back to full health.

What is the output descriptor and why is it so important?

The output descriptor is a file that encodes all three public keys and the quorum rule (2-of-3) that defines your multisig wallet. Without it, even if you have all three seeds, software cannot reconstruct which addresses belong to your vault. Back it up in at least two locations, separate from your seeds.

Can I mix hardware wallet brands?

Yes — and you should. Using devices from three different manufacturers (e.g. Coldcard, BitBox02, SeedSigner) means a firmware bug or supply-chain compromise in one brand cannot drain your funds. Sparrow supports all of them.

Is multisig right for me?

Probably not yet, unless your holdings are substantial or you have specific inheritance and geographic separation needs. Single-signature with a quality hardware wallet and proper seed backup covers most Australians well. Multisig adds complexity: if you lose the output descriptor and have poor seed backups, coins can be lost permanently.

Can I do this airgapped (no USB)?

Yes. Sparrow supports fully airgapped operation via QR codes (SeedSigner, Passport) or microSD card (Coldcard). In this guide we use the airgapped path where possible since it is the most secure option.

What does 'signing ceremony' mean?

A signing ceremony is the deliberate process of physically retrieving your hardware signers, one by one, and approving a transaction on each. With 2-of-3 multisig you only need two devices. It sounds formal — and it should be. Treat each signing as a security event.