How to set up BlueWallet for self-custody vault? (2-of-3 Multisig)

Creating a 2-of-3 Multisig Vault in BlueWallet

1. Launch BlueWallet and select Create new from the wallet selection screen.

2. Choose Vault as the wallet type, then confirm the selection to proceed.

3. Select 2-of-3 as the multisignature scheme during configuration—this requires two out of three private keys to authorize any transaction.

4. Generate and securely store the first set of recovery words. This represents the first cosigner’s seed.

5. Add the second cosigner by scanning a QR code or manually entering an xpub. BlueWallet supports importing xpubs from other wallets including hardware devices.

6. Repeat the process to add the third cosigner using either xpub or mnemonic seed, ensuring all three are distinct and independently secured.

Securing Cosigner Fingerprints and Derivation Paths

1. Each cosigner is associated with a unique fingerprint, stored internally in private_cosignersFingerprints[] within multisig-hd-wallet.ts.

2. These fingerprints serve as cryptographic identifiers tied to specific HD wallet instances, preventing accidental substitution during setup.

3. Custom derivation paths can be assigned per cosigner via private_cosignersCustomPaths[], allowing alignment with BIP44, BIP49, or BIP84 standards depending on device compatibility.

4. BlueWallet validates path consistency before finalizing vault creation—mismatched paths trigger explicit warnings during preview.

5. The system enforces strict separation: no single device holds more than one cosigner’s full secret material unless explicitly configured by the user.

Transaction Signing Workflow for 2-of-3 Vaults

1. When initiating a send, BlueWallet identifies eligible UTXOs and constructs a partially signed transaction (PST) using only the local cosigner’s key.

2. The PST is exported as QR code or file, intended for signing by at least one additional cosigner through their respective BlueWallet instance or compatible software.

3. Once two signatures are collected, BlueWallet verifies Schnorr or ECDSA signature validity against known public keys before broadcasting.

4. If biometric authentication is enabled, it gates access to the local cosigner’s signing capability but does not replace cryptographic verification steps.

5. Hardware wallet integration allows external signing without exposing private keys—Electrum protocol relays unsigned payloads directly to Ledger or Trezor devices.

Backup and Recovery Procedures

1. Exporting the vault backup generates a JSON file containing metadata, xpubs, fingerprints, and custom paths—but never private keys or mnemonics.

2. Recovery requires re-importing this file into BlueWallet and separately restoring each cosigner’s secret using original seeds or hardware device connections.

3. Loss of two cosigners’ secrets permanently locks funds; BlueWallet displays irreversible risk warnings during initial setup.

4. Testnet deployments allow users to simulate full recovery flows before committing real assets.

5. Backup files must never be stored on cloud services or synced across devices—BlueWallet warns against iCloud, Google Drive, or Dropbox uploads.

Frequently Asked Questions

Q: Can I use BlueWallet’s 2-of-3 vault with non-BlueWallet cosigners?A: Yes. Any BIP32-compliant xpub can serve as a cosigner, including those from Sparrow Wallet, Electrum, Coldcard, or Ledger Live.

Q: Does BlueWallet support importing existing multisig descriptors?A: No. BlueWallet does not parse generic PSBT descriptors or output descriptors like tr() or sh(multi()). Setup must occur natively through its UI flow.

Q: What happens if one cosigner’s device is lost or damaged?A: As long as two cosigners remain functional—including restored seeds or connected hardware—the vault remains fully operational.

Q: Is there a way to change the quorum threshold after vault creation?A: No. Thresholds like 2-of-3 are immutable once finalized. Users must create a new vault and migrate funds to adjust signing requirements.