Security at Multis

July 2, 2019
Théophile Villard

We’re building the first Cryptobank for companies. The thing is, crypto-land hasn’t always been the safest place. Here’s a few pointers to help you form an educated answer as to why you can trust Multis with your company’s crypto.
TL;DR: Multis = Security by simplicity and plurality.


Private keys

Multis takes pride in being a decentralized application. We don’t hold any private keys and will never be custodian of your funds.

Individual wallets

We support several solutions built into Multis to handle your keys, all of which have become industry standards: MetaMask, Portis and more to come (WalletConnect!).

Image for post

Why it matters

  • simple: we don’t want the hassle of providing custody so we’re delegating key management to appropriate services.
  • plural: being agnostic on individual wallets will allow users to use different services, reducing the single point of failure.


The right thing

It’s the backbone of Multis but it’s worth saying it again: multisigs are the proper and robust way to manage crypto as a group. And no, splitting the private key of an individual account is not the answer!

The purpose of multisig wallets is to increase security by requiring multiple parties to agree on transactions before execution. Transactions can be executed only when confirmed by a predefined number of owners.

Exact same contract: audited, used & insurance coming

First off, Multis isn’t introducing a new multisig smart contract. We use the exact same contract written and deployed by Gnosis. Take the contract address used when deploying a new company account:

Image for post

The destination address is 0x6e95C8E8557AbC08b46F3c347bA06F8dC012763f which corresponds to the multisig’s factory contract:

Image for post

The Gnosis multisig smart contract is community-approved and thoroughly-audited:

We found the code under scrutiny to be elegant, robust, and secure. The wallet’s features are implemented with a minimal amount of code, resulting in a reduced attack surface. Despite such minimalism, its well-thought-out design allows for a surprisingly large feature set.

In the long term, we’ll provide a decentralized insurance that would cover our clients should something happen to the Gnosis multisig contract. More decentralized peace of mind 😌

Why it matters

  • simple: we’re building on top of solid foundations which have already proven their worth.
  • plural: a hacker will need to compromise “n out of m” owners in order to steal funds out of an instance of the multisig.

Static website

Server-less, backend-less & password-less

As explained on this blog post Multis is a static website. It’s basically a folder with html, css and js files. To be a bit more precise, thanks to Firebase, Multis has a server-less, backend-less and password-less architecture. It’s worth adding that Firebase is certified under major security standards.


With Cloudflare acting as our proxy we activated DNSSEC for our domain

Image for post

Why it matters

  • simple: we reduced the attack vector so that the only way to compromise Multis is to hack into our Firebase accounts. In this unlikely event it would only compromise the metadata of our user’s accounts as we’re not storing private keys.
  • plural: our Multis bundle is hosted on Firebase’s DNS, but also on Cloudflare’s DNS. We’re planning to host the bundle on IPFS as well in the future.


ClojureScript & spec

We’re committed to building robust software and as such we chose to use the ClojureScript programming language: it has a strong reputation for making simple and strong codebases (functional programming). We’re writing specs to ensure the correctness of our data at the edges of our systems.

Audit & bounties

Multis’s code is “interface” code and changes with every new release (multiple times a day) — in that sense it makes less sense to audit it (than immutable smart contracts). Nonetheless, we’re in the process of running bounties to help stress-test our service.

Note: We’re still pondering whether to open source Multis’ code but as of now the code is not open-source, making it harder to copy (and create phishing websites).

Why it matters

  • simple: we’re using a simple language, making our code easier to reason about, which naturally improves software quality.
  • plural: thanks to bounties we will experiment with different attack strategies.


Now that you have a better picture of Multis’ architecture and approach to security, let’s see how this would play out in these three challenges.

💀 The Death Challenge: what happens if Multis disappears?

That’s the question we should all ask before using any service!

Let’s say you have an account on Multis, the address of your company account looks like this: 0x4729ea9389……

If Multis dies, nothing really happens. Multis never had your private keys in the first place. Your company funds will still be under that address, and you could still access these funds from another interface. You can think of it as if your email client shuts down: you can still access your emails from another client. You will just have lost access to a superbly convenient and crisp interface called Multis 😉

🤷‍♂ The Dumb Owner Challenge: what happens if one owner loses their private keys?

That’s the question we should all ask before working with anybody!

Well in that case it really depends on how you set up your Multis account. We’ve always been preaching for a “n out of n+1” policy (n confirmations needed for a multisig of n+1 owners). Meaning that if one owner loses their individual wallet/private key, the other owner can remove that previous owner and add them again with another address.

If you’re in a “n out of n” policy, your only chance is if you have a daily threshold strictly greater than zero: you’d be able to move ETH out of your account little by little and create a new one with the proper policies.

If you’re “n out of n” and you have no threshold (or you have ERC-20 tokens), in that case there’s one thing to say “sorry for your loss” 😢

Note: Multis is thinking about preventing people setting a “n out of n” policy.

💠 The Transparency Challenge: how can I verify at any time that Multis is doing the right thing?

That’s the question you should ask before delegating any actions!

Turns out this Blockchain technology stuff isn’t such a bad thing after all:

Consider this analogy: it’s as if you wanted to check the time and your watch doesn’t work. The other clocks still do. In a way, the blockchain behind all the watches in the world is the most immutable of all: time itself ✨

Multis is also hiring in multiple positions (growth/design/engineering): if you’re keen to join our team of crypto dreamers and contribute to our mission to democratize companies’ access to crypto, send us an email at

Thanks to Nizar.

Get the Guide!
Breaking Legacy: A CFO's Guide to DeFi & Digital Assets
Decentralized Finance (or DeFi) and digital assets aren't just a fad or a bubble. They have the potential to provide value to people typically underserved by traditional banking systems, in particular small and medium sized enterprises. Learn how SMEs can leverage decentralized financial services including:
High interest savings accounts that earn more than traditional bank accounts
Accepting payments in digital assets before incorporation
Receiving instant loans
Invoice financing solutions
Paying salaries instantly in digital assets with no cross-border payment fees
Thank you! You will receive an e-mail shortly!
Oops! Something went wrong while submitting the form.

Multis, crypto-first business banking

A powerful interface for companies to make the most of their crypto
Open account