Darknet Guides

Bitcoin Multisig Payments Explained

In this article we explain the basics of Bitcoin multisignature payments, specifically how they pertain to darknet markets. We explain their benefits, what you need to know to use them as a payment option, and how to sign a multisig transaction if you ever need to do so.

Multisignature payments, often referred to as “multisig”, are a way of splitting the responsibility of a cryptocurrency payment between multiple parties. They are becoming an increasingly common part of the darknet market landscape because they give buyers and vendors a degree of control over funds designated for an order, right from its onset. They accomplish this by requiring the signature of multiple parties to sign off on a transaction. This means that a combination of buyer/vendor, buyer/market, or market/vendor must sign a transaction for funds to be released to the vendor, or back to the buyer in the event of a dispute.

Multisig is becoming a popular payment option among darknet markets because it serves as an alternative to having to trust a market’s own escrow system. Traditionally, darknet markets collect funds deposited by buyers and release payments to vendors after the buyer has finalized their order. However, being entrusted with a large pool of customer funds can lead to problems for markets, including hacking attempts, accounts compromised by phishers, and worst of all, exit scams. When an order payment is made using multisig, however, it is impossible for the market to run off with the funds unless the buyer or vendor assist them in the process.

Although it may seem like a daunting process, its actually quite simple from the perspective of the buyer as little extra effort is required on their end unless an order goes awry, and payment needs to be refunded or sent to the buyer or vendor if the market encounters problems during the course of the order.

How Multisig Works for Darknet Market Payments

By now you’re probably familiar with the idea of cryptocurrency addresses and private keys, and understand that you must be in possession of an address’ private key in order to spend funds from that address. This is because during the transaction construction process, a signature is generated using the private key that proves ownership of the funds stored at the address. Without this signature, funds stored at an address cannot be moved.

As the name implies, a multisignature address (or multisignature wallet) requires multiple signatures from other addresses in order for the funds it contains to be moved. The most common schema for a multisig wallet is known as “2 of 3,” which means it requires at least two of three signatures to sign a transaction. This is the schema most commonly employed by darknet markets, with the participants being the following:

  • Signer #1: the market
  • Signer #2: the vendor
  • Signer #3: the buyer

Under the “2 of 3” schema, any combination of two of the above three parties can sign a transaction to move funds stored in the multisig address. In most cases, the two parties are the market and the vendor, who sign together to released funds after the buyer has marked their order as received and is satisfied with it. If the buyer’s order does not arrive or they are not content with it, the order may go to a dispute. If the market rules in favor of the vendor, both the vendor and market sign the transaction, with funds going to the vendor. If the market rules in favor of the buyer, the buyer and market sign the transaction, with funds going to the buyer.

In very rare cases – such as the market going offline unexpectedly or simply refusing to release funds to the vendor or buyer – the buyer and vendor can also sign a transaction to send funds in the multisig address to the appropriate party. This may require some off-market coordination between vendor and buyer, however, if the vendor’s receiving address or the buyer’s refund address is not known.

Other multisig schemas (though not necessarily relevant to darknet markets) include “1 of 2” (a shared account between two parties), “2 of 2” (consensus account where both parties must sign), and “M of N” (an arbitrary number of signatures is required out a total list of potential signers, e.g., “2 of 4”, “3 of 5”, etc.).

Preparing to pay for an order with BTC Multisig on Bohemia.

Creating an Address for Payment to a Multisig Address

Bitcoin multisig as a payment option on darknet markets has already been around for a number of years and a decent selection of markets currently support it. The best wallet to perform BTC multisig transactions Electrum, which is a light-weight desktop wallet that offers a high degree of flexibility. It runs on Windows, iOS, Linux and even Android devices and is renowned for being highly secure. There are other wallets which have multisig support, such as Armor, Ledger and Trezor, but Electrum is probably the most straight-forward and easy to use.

Note that if you want to make a multisig payment as a buyer on a darknet market, you will not be the one setting up the multisig wallet — that is the market’s job. Instead, you will simply be providing the market with a BTC address Public Key (starts with a “0”). The market will only need this during the construction of a refund transaction. It cannot use the Public Key to spend funds from your wallet, but it can potentially be used to associate other addresses in your wallet, so you’ll want to create a new wallet for the purposes of making a multisig payment.

Here’s how you create a wallet on Electrum and find an address Public Key:

  1. Open Electrum and select “New/Restore” from the File menu.
  2. Choose a name for your wallet and click “Next”.
  3. It will ask what type of wallet you want to create. Choose the first option, “Standard Wallet”.
  4. It will ask if you want to use a new or pre-existing seed. Choose the first option, “Create new seed”.
  5. It will ask if you want to choose a SegWit or Legacy wallet. Either is fine; Segwit transaction fees can be slightly cheaper, and this option is set to default. For this example, we are selecting “Segwit”.
  6. You will be shown a seed phrase consisting of 12 words. Copy this phrase somewhere secure, then click “Next”.
  7. Enter your seed phrase to confirm you have saved it and click “Next”.
  8. You will be asked if you want to set a password. For maximum security, we recommend setting a password which can be saved along with your seed phrase. Click “Next” to open the wallet.
  9. The wallet opens to the first tab, “History”, by default. Click the “Addresses” tab to bring up your wallet’s BTC addresses. Next, right-click the first address and select “Details”.
  1. This will bring up a screen that displays your address and its corresponding Public Key, which is what you will be sharing with the market when placing a BTC Multisig order.

Though its easy to remember that the first address selected in a wallet is the address you will be using for a darknet market order, you can also label the address in Electrum by right-clicking the address and selecting “Edit Label”. This will make it easier to identify later should you need to reference the address for a refund.

Signing a Refund / Payment Transaction from a Multisig Address

If for some reason an order using BTC multisig as a payment option falls through, you’ll need to know how to sign a transaction so the funds at the multisig address can be sent to the appropriate party. The most common reason this would happen is if you – as a buyer – win a dispute against a vendor. In this case, the market will provide you with a raw transaction that must be signed using the private key of the refund address you have provided either on your account profile or during the order placement process. The best tool to sign such a transaction is known as Coinb.in. This is a JavaScript-based utility that can be used even when disconnected from the internet. After receiving the raw transaction data, follow these steps:

  1. First, you’ll want to verify that the transaction is going to your address and is for the appropriate amount. In this example, our refund address is 18tiB1… and the amount to be refunded is 0.000556 BTC. To verify these are the components of the transaction you’ll be signing, take the raw transaction data and paste it in the Verify box of Coinb.in, then press “Submit”. Coinb.in shows us the following:
  1. Here we can see the address and amount are both correct, so this is a transaction we want to sign. To sign the transaction, switch to the Sign tab of Coinb.in. Paste the private key of your refund address in the corresponding box and then paste the raw transaction in the larger box below. After doing this and pressing “Submit”, we see the following:
  1. The next step will be to broadcast the signed transaction to the Bitcoin network. To do this, copy the data in the Signed transaction box, switch the tab to Broadcast, and paste the signed transaction data into the “Broadcast Transaction” box. Next, press “Submit” (note that you need to be online for this part to work). If done correctly, the transaction will be broadcast to the mempool with your signature, making it a valid transaction that is now waiting to be picked up by a miner. You can now close Coinb.in and return to Electrum while you await reception of your refund.

You can also sign and broadcast transactions from Electrum itself by selecting Tools->Load Transaction->From text, pasting the raw transaction data in the text box and clicking “Load Transaction”. If you are provided with a transaction ID for a tx that needs to be signed, you can do this by selecting Tools->Load Transaction->From the blockchain. After loading the transaction and verifying the correctness of its recipient and amount, you’ll need to press “Sign” then “Broadcast”.

There is one other instance which will require your intervention in the multisig process, and that is if the market goes offline, does not cooperate, or is otherwise unable to generate and sign the transaction. In this case, you’ll need to coordinate the process with the vendor by having them generate and sign a transaction, with the recipient being either you or them (depending on where the funds are supposed to go). It may therefore be a good idea to have an off-market means by which the vendor can be contacted, such as knowing their email address, Jabber address, or account on the Dread forum.

Remember to always verify the contents of a transaction for yourself before broadcasting it with your signature! Make sure the receiving address and amount are what you expect them to be first.

Markets Supporting BTC Multisig Payments

At the moment, there are four darknet markets of decent size and reputation that support BTC Multisig payments:

Tor2Door. Though not the biggest market, Tor2Door is probably the most “multisig-friendly” of any market, given that they actively encourage vendors to support it as a payment option and buyers to make use of it when available. For buyers, Tor2Door requires an address and corresponding public key be attached to a profile before multisig orders can be placed. To do this, hover over the username in the upper-right corner of the market, select “Edit Profile”, and then select the “Multisig Settings” tab. You will also need to enter your account’s mnemonic in addition to the address and public key.

Bohemia / Cannabia. These markets are both owned by the same admin(s) / team, with the former being one of the biggest darknet markets currently in operation and the latter focusing on cannabis and related products. It is a bit difficult to locate vendors that accept BTC multisig on these markets, but they are there, and ones that don’t have the option enabled by default can be asked to make exceptions for larger orders. Unlike Tor2Door, the buyer will need to provide a new BTC address and corresponding public key for each order they place using the multisig payment option.

Abacus. Another mid-to-large size market that has been around for almost three years, Abacus has close to 300 listings for items which can be purchased using BTC multisig at any given time. Multisig configuration on Abacus is similar to Tor2Door in that a BTC address and its corresponding public key must be attached to the buyer’s profile before an order with multisig payment can be made. This can be done by clicking on the “My Information” bar under the Profile Actions menu, and then scrolling down to the Multisig Information area.

Example of how a BTC address and corresponding public key are entered on Abacus.

Potential Problems with Multisig

Despite it being a superior payment method for darknet market orders, there are still a few problems with multisig payments that buyers new to the process should be aware of:

  • They require more work for all parties. Any tradeoff for additional fund security comes with more responsibility: you may have to be ready to sign a transaction if something goes wrong with your order (i.e., to receive a refund or coordinate funds transfer if the market is not cooperating or goes down). You’ll also have to make sure you understand how to sign.
  • They are still prone to scams. Even though it requires help from an additional party, a multisig payment could still be stolen by a nefarious vendor who has managed to employ the help of a corrupted market staff member. The vendor and market staff could collaborate to sign a transaction even if an order was never received, although this is somewhat of a rarity.
  • They are slower to process. A multisig transaction could take hours or even days to process if one of the signing co-parties is slow to act. This means you will have to pay close attention to the status of a transaction after it has been sent by the market if it requires your signature, or it will not be processed, and nobody gets paid or refunded.
  • They are public and can be traced. Bitcoin multisig payments offer no additional degree of anonymity over regular BTC transactions. They are actually easy to identify if the vendor’s multisig address has any blockchain connection to the darknet market they use. This means that BTC sent by the buyer for a multisig payment can potentially be linked to their real-life identity if it has not been thoroughly mixed.

Summary

Bitcoin multisignature payments are a great option to have at one’s disposal when purchasing items on a darknet market. This is because they allow for the buyer and vendor to not have to rely solely on the market to correctly process funds involved with the purchase. While the components involved may seem complicated at first, it is actually quite a simple process from the perspective of the buyer, as all that is usually required is being able to find a Bitcoin address’s public key. If things don’t go as planned, it will require additional action from the buyer, but if the steps in this guide are followed, funds can easily be redeemed by the appropriate party.

Leave a Reply

Your email address will not be published. Required fields are marked *