The first question every serious project asks us about treasury custody is the same: multi-sig or MPC?
The answer is "it depends," but the variables are concrete enough that you can decide without hand-waving. This piece is the framework we use when we run a Wallet Setup engagement.
What each one is
Multi-signature wallets are smart contracts. They require m of n signatures from designated signers before a transaction executes. The dominant implementation on EVM chains is Safe. On-chain, the wallet is a smart contract address; everyone can see its signers, threshold, and full transaction history.
MPC (multi-party computation) wallets use cryptographic protocols to split a single key into shares held by multiple parties. The shares jointly compute a signature without ever assembling the key in one place. On-chain, the wallet is a normal externally-owned address (EOA); nobody can see how the signing was done.
These are different mechanisms with different failure modes. Choosing between them is choosing between different threat models, not picking the "more secure" option.
Where multi-sig wins
On-chain transparency. Every signer, every threshold change, every transaction is visible on-chain. Auditors, community members, and your own future self can verify the state. For a DAO treasury, this transparency is non-negotiable.
Smart-contract-native features. Modules, recovery contracts, time-locked operations, role-based access, transaction simulation in the front-end, Safe's ecosystem is mature.
Operational legibility. A 4-of-7 multi-sig with a documented signer list is easier to explain to investors, regulators, and a court than a "threshold MPC scheme with 5 of 9 share-holders."
Audited at scale. Safe is the most-used and most-audited multi-sig contract in production. The vulnerabilities affecting Safe-based treasuries are almost never in the contract, they are in operational mistakes, signing UX, or social engineering.
Where MPC wins
Chain-agnostic. MPC produces a normal signature, which means it works on every chain, Bitcoin, Solana, Cosmos chains, Tron, every EVM L2. Multi-sig requires a chain that supports smart contracts, and even then each chain has its own contract version. For custodians who hold assets on many chains, MPC is operationally cheaper.
Privacy of signing structure. The threshold and signers are not visible on-chain. For institutional custody, this is sometimes a feature.
Rotation without changing the address. Refreshing key shares does not change the wallet address. This is genuinely useful for institutional operations that issue static deposit addresses to clients.
Higher signing throughput. MPC signing is sub-second; multi-sig requires a quorum of signers to interact with the contract over time. For high-frequency operations, MPC is the only practical choice.
Where both fail
The failure modes that have actually drained treasuries:
Signers under the same roof. A 5-of-9 multi-sig where 6 of the signers are employees of the same company in the same office is, effectively, a 1-of-1. Same for MPC shares held on machines on the same network.
Phished signing. Both schemes assume the signer reviews what they are signing. In practice, signers approve transactions presented by a UI without simulating them. A malicious dApp gets the same signature as a legitimate one.
Compromised signing devices. A laptop with malware can present one transaction to the user and sign another. Hardware wallets defeat this for multi-sig signers; MPC implementations vary in how well they isolate.
Bad cryptographic implementation. MPC protocols have shipped real bugs, biased nonces, weak randomness, recovery paths that bypass thresholds. Multi-sig contracts have the same risk in principle, but the dominant implementation (Safe) has been beaten on for years.
Recovery paths that bypass the threshold. "Lost device" recovery procedures often have weaker authentication than the threshold itself. An attacker who can claim a lost device can drain the wallet through the back door.
How to choose
Three questions, in order:
1. Do you need on-chain transparency?
If the answer is yes, DAO treasury, public protocol admin, anything where the community needs to verify governance, multi-sig wins. The on-chain audit trail is the feature.
If the answer is no, institutional custody, internal operational wallet, exchange hot wallet, MPC's privacy of structure is acceptable and sometimes preferable.
2. How many chains do you operate on?
One chain or one EVM ecosystem: multi-sig.
Many chains, including non-EVM: MPC. The operational overhead of running separate multi-sigs on Bitcoin, Solana, Cosmos, and EVM chains is real and accumulates fast.
3. What is your operational tempo?
Slow and deliberate (treasury operations, governance, large rebalances): multi-sig. The friction of getting m of n signers to sign is a feature, not a bug.
Fast and high-volume (exchange withdrawals, market-making operations): MPC.
A pattern that works
For most projects in our experience, the right answer is both:
- Cold treasury and protocol admin: multi-sig, with hardware-wallet signers, geographically distributed, on a Safe with a transaction-review module and a 24-48h timelock for non-emergency operations.
- Hot operational wallet: MPC, with a low cap on outstanding balance, programmatic policies, and tight monitoring.
Each wallet's loss is bounded by what it holds. A drain of the hot wallet is a bad day; the protocol admin and the treasury are untouched.
What we do
The architecture is a written deliverable. The runbooks for "rotate a compromised key", "onboard a new signer", "execute an emergency pause" are written deliverables. The signer training is a delivered training session. None of it is more secure than what your team can actually operate under pressure, that is what the engagement is designed to make sure of.
Once the architecture is live, Wallet Surveillance keeps an eye on every relevant address: queued transactions in the multi-sig, unusual signing patterns from the MPC operational wallet, approvals to unfamiliar contracts. The first 30 minutes of any incident is where the fight is won or lost.
Multi-sig versus MPC is not a religious question. It is an architecture question with a defensible answer for every team, once you write down what you are actually defending and how you intend to operate.