
Verify and Restore Your Nunchuk Multisig Wallet Setup

Sovereign
multisig - This article is part of a series.
Part 3: This Article

In the last article you established a collaborative multisig wallet. This was a powerful first step towards true financial sovereignty, but your security is only as strong as your ability to recover from disaster. Your setup needs to be robust enough to withstand catastrophic failure or compromise of a single physical location, while uncomplicated enough for you or your heirs to recover it when needed.

This can seem a bit daunting at first, but don’t worry. If you follow this guide you can feel sure that your citadel is impenetrable even under duress from a number of attack vectors or catastrophic loss, and have tested and verified the recovery steps involved.

I recommend that you read this whole article through before you start implementing each step so that you have an overview of the process.

Step 0: Ensure Proper Backups

Before you start simulating any failures, it’s essential to have robust backups. Failing to do so could result in the permanent loss of your Bitcoin. Don’t transfer any substantial amounts of bitcoin to this wallet until you have tested the recovery following this article. You can repeat the recovery steps until you feel confident enough to continue.

Do not proceed without confirmed, secure backups. This cannot be overstated. Before you simulate any failure scenarios, confirm that you have:

  1. BSMS (Bitcoin Secure Multisig Setup) File: This file contains all the configuration data needed to coordinate your multisig wallet. Store it securely in multiple locations, together with each Private Key Backup. Without it, the wallets cannot be reconstructed if any of the Private Keys are lost.

  2. Seed Phrase Backups for all wallet members: Make sure each wallet member has backed up their seed phrase. This is in addition to the key stored in a hardware wallet or used with an air-gapped device. Follow the backup instructions for each, but always use durable media like metal — never a connected or powered on computer. The seed phrase is critical for signing transactions in the multisig. We recommend a SeedSigner backup plate, but there are other solid options too.

  3. Save copies of Nunchuk software
    While this might not be possible on an iPhone, download and save a copy of Nunchuk Desktop and the Nunchuk Android APK. Preferably this should be burned to a CD-ROM, DVD or Blu-ray disc, but a quality USB drive or SD card is enough for most scenarios. This ensures you have your own working copy of the wallet software in case it is inaccessible for some reason. If possible, keep a copy at each Recovery Seed Phrase backup location.

Once you’ve confirmed that all critical backups are in place and tested their recovery, you can proceed with confidence. Just remember to make sure you never store more than one Private Key (or seed phrase) in one single location.

Step 1: Initial Transaction Test

First, initiate a small transaction to your newly created wallet. Confirmation of this transaction signals that your multisig setup is functional. Use an amount small enough that you are still OK if some step in the recovery process fails.

Step 2: Wipe Your Existing Setup

To simulate a worst-case scenario, start with a clean slate by wiping everything. This simulates a catastrophic event where all that remains is the bare minimum: your backups.

  1. Purge the wallet configuration in Nunchuk.
    This ensures that no remnants of your setup remain on the device.

  2. Uninstall Nunchuk from your device.
    This step solidifies the simulation of a complete loss of the original environment.

  3. Remove the keys from any hardware or software wallets.
    This simulates a stolen, broken or lost hardware wallet.

With no local traces of your wallet, you must now rely on your backups and your ability to restore from scratch.

Step 3: Reinstall and Recover

Rebuild from zero to ensure that you can always recover your multisig coordinator wallet.

  1. Reinstall Nunchuk or, for heightened verification value, install it on an entirely different device.
    A fresh environment reduces the risk of any residual configuration. However, it is enough to use the same phone as before, as long as you removed the old configuration. Use the offline backup copy of the Nunchuk software that you saved earlier.

  2. Import the BSMS file back into your phone and recover the wallet in Nunchuk.
    The BSMS file is your multisig blueprint. Without it, reconstruction is impossible. Navigate to Nunchuk, press the “+” to add a wallet, and opt to recover an existing one.

  3. Recover via BSMS/descriptors/config file.
    Your multisig setup should now be fully restored, mirroring the original configuration and ensuring the integrity of the recovery process.

Step 4: Add Signer Keys

The restored wallet needs its keys. Without them, your multisig is unable to authorize transactions. But don’t worry, this is exactly what we verify now.

  • Recover from your hardware backups, if available.
    Follow the procedures specific to your hardware wallets to import the necessary keys.

  • Alternatively, add an air-gapped, NFC, or software key.
    For operational security, prefer hardware. Software keys can suffice for testnet scenarios, but not for any meaningful amount of bitcoin.

Step 5: Verification and Stress Test

With the wallet restored, verify that you can see the previously transferred amount and send it back to your other wallet (or exchange). Confirm this transaction by sending it back again to verify that your recovered wallet is fully operational both for sending and receiving bitcoin.

Next, delete the wallet from Nunchuk at least once more. This may seem redundant, but redundancy is a cornerstone of robust security. Ensure that your recovery process is reliable, repeatable, and devoid of weak links. Repeat this as many times as you need to feel confident of the recovery process.

Adversities to simulate

  • Lost Wallet Member Public Keys
    Assume a wallet member is unreachable — can the remaining member still recover their wallets and sign transactions? Each member can follow the previous steps to verify this.

  • Lost One Private Key
    Test the resilience of your setup by simulating the loss of a private key. Can the other members still send and receive Bitcoin?

  • Multiple Lost Keys
    Push the boundaries a little — simulate the loss of multiple keys. Does your multisig design hold under such pressure? Make sure you understand the limitations of your setup by understanding how many keys or signatories your specific setup can manage while still being operational.

  • Nunchuk No Longer Exists
    Contemplate the failure or censure of Nunchuk as a service. Migrate your recovery efforts to Sparrow Wallet, a test of your setup’s true decentralization and independence of single points of failure in the software supply chain. For extra security, I recommend that you save a copy of Sparrow together with the Nunchuk backups, and follow the linked article after you have completed this Nunchuk verification article.

  • Unauthorized access
    Simulate an unauthorized access attempt by an adversary who gains partial access to one of the backup locations, and make sure one physical location is not enough to gain access to enough keys to steal your Bitcoin.
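
The "Multiple Lost Keys" and "Unauthorized access" checks above can be rehearsed on paper before you touch any device. The script below is an added example, not part of the original article or of Nunchuk: it assumes the BSMS file follows the four-line BIP-129 layout (version, descriptor, path restrictions, first address), and the sample file, fingerprints and location names are constructed.

```python
import re

# Constructed sample in the assumed BIP-129 layout; keys are shortened placeholders.
SAMPLE_BSMS = """BSMS 1.0
wsh(sortedmulti(2,[aaaa1111/48'/0'/0'/2']xpubA/**,[bbbb2222/48'/0'/0'/2']xpubB/**,[cccc3333/48'/0'/0'/2']xpubC/**))
/0/*,/1/*
bc1q-constructed-first-address
"""

def parse_bsms(text):
    """Return (threshold, signer fingerprints) read from the descriptor line."""
    lines = text.strip().splitlines()
    if len(lines) < 2 or not lines[0].startswith("BSMS"):
        raise ValueError("not a BSMS file")
    match = re.search(r"(?:sorted)?multi\((\d+),", lines[1])
    if not match:
        raise ValueError("no multisig descriptor found")
    return int(match.group(1)), re.findall(r"\[([0-9a-fA-F]{8})/", lines[1])

def audit(threshold, signers, locations):
    """Check each backup location for theft and loss scenarios.

    locations maps a name to {"keys": set of fingerprints, "bsms": bool}.
    Only fingerprints and location names go in here, never seed phrases.
    """
    findings = []
    signers = set(signers)
    for name, loc in locations.items():
        # Theft: one compromised location must not reach the signing threshold.
        held = loc["keys"] & signers
        if len(held) >= threshold:
            findings.append(f"THEFT: {name} alone holds {len(held)} keys")
        # Loss: everything outside this location must still be able to sign.
        survivors = [l for n, l in locations.items() if n != name]
        remaining = set().union(*(l["keys"] for l in survivors)) & signers
        if len(remaining) < threshold:
            findings.append(f"LOSS: without {name} only {len(remaining)} keys remain")
        if not any(l["bsms"] for l in survivors):
            findings.append(f"LOSS: without {name} no BSMS copy remains")
    return findings

if __name__ == "__main__":
    m, fps = parse_bsms(SAMPLE_BSMS)
    plan = {"home": {"keys": {fps[0], fps[1]}, "bsms": True},
            "bank": {"keys": {fps[2]}, "bsms": False}}
    print(f"{m}-of-{len(fps)}:", audit(m, fps, plan) or "no findings")
```

An empty result means that no single location can sign alone, and that losing any one location still leaves enough keys and a BSMS copy to recover.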

Conclusion

In a world of increasing surveillance and state interference, your multisig wallet is your wall, protecting your citadel. By rigorously testing your backup and recovery process, you ensure your Bitcoin remains secure, no matter the threat. This is the way of the cypherpunk. We place our trust in mathematics, verify the code, and practice our ability to rebuild from zero using our backups.

Stay vigilant. Stay sovereign.
