A Look Back at the World’s First Cold Storage, Ethereum Multi-Sig Wallet… | by Mason | Tokensoft | Medium

… Which TokenSoft Created and How that Brought us to Today’s Knox Wallet for Institutional Grade Custody

Cold storage is a frequent topic of discussion as exchanges are hacked, keys are lost, and institutions attempt to recreate standard operating controls. Back in 2017, we created the first cold-storage, multi-signature Ethereum wallet. We didn’t have the benefits of today’s technology but we used this handbook, the Gnosis Wallet interface, and a custom fork of MyEtherWallet to make it work. With Knox Wallet’s recent upgrade for security tokens, we thought security token issuers and institutional investors would appreciate a look back on how we did it and how far the technology has come.

When we started TokenSoft to help companies launch token sales in compliance with securities laws, we had one hard and fast rule. TokenSoft tools were designed to provide issuers with full control of their funds, which meant TokenSoft wouldn’t hold a single key. This is still true today. We also wanted our clients to adhere to the highest level of security. This meant that the funds should be held in air-gapped cold storage and multi-signature wallets. Initially, our clients projected that they would collect over $250 million in funds, which was a great way to encourage us to follow best practices. Today’s numbers are even larger, so our strong foundation of security is very important.

Although we put together the first prototype in six hours, it initially took 43 steps over the course of an hour to send funds.

The first prototype used a combination of an online machine, an offline machine, a custom implementation of MyEtherWallet, and the Gnosis Wallet web interface. Here’s how they worked:

  • An online machine — Used to access the Gnosis Wallet web interface.
  • An offline air-gapped PC — Used to sign the transactions offline.
  • A custom fork of MyEtherWallet — Used to interface with the multi-signature wallet offline.
  • Gnosis Wallet web interface — Used to gather information required to sign the transaction offline.

In 2016, a couple of colleagues from BitGo and I created the first Ethereum Multi-Signature web hot wallet. This was the first time the highly secure Bitcoin wallet implementation known for moving billions of dollars a month at companies like BitGo was brought to the Ethereum blockchain. Multi-Signature hot wallets are like a personal check with three owners and two signature lines. This means that any of the three owners can sign the check and at least two signatures are required for the bank (multi-sig smart-contract) to clear the transaction.

In TokenSoft’s case, we had an Ethereum multi-signature wallet that was owned by three people signing transactions offline. Two of those three people had to sign the transaction for the Ethereum network to accept it and to initiate the transfer.

Using the analogy of the check, here’s the transaction flow assuming there is User A (who applies the first signature) and User B (who applies the second signature):

Online Machine — User A creates the check and populates it with the recipient (or Ethereum Address) and the amount that they want to send.


As we look at institutions, multiple signers for transactions are very important both for custody and security of assets and administration of assets such as security tokens by the issuer of the security, transfer agents, and custodians.

For example, TokenSoft’s customers can issue and administer their securities on ERC-1404, the simple restricted token standard, upgrading the ERC-20 token standard for securities laws. Using TokenSoft’s Knox Wallet ensures this administration is both secure and meets institutions’ standard operating controls and procedures required for auditors.

Online to Offline — User A transfers this check, which has the recipient and the amount pre-filled but no signatures, to the offline machine.


Offline — User A signs the check. The check now has the recipient, amount and a single signature populated. However, the second signature line remains blank and funds are not spent.


Offline to Online — User A takes the partially signed check from the offline machine to an online machine.


User B repeats this process starting with the partially signed check, adds the second and final signature, and ends with a fully signed check. When this check is broadcast to the bank (smart contract on the Ethereum network) funds are spent and sent.


This is of course overly simplified. In reality, the security of the process created such a complex user experience that we created this handbook with a detailed step-by-step guide on how to move funds.
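The check flow above can be modelled in a few lines. The following is an added example, not TokenSoft's or Gnosis's code: it follows the check analogy rather than the on-chain contract's interface, and it assumes ECDSA with SHA-256 over a JSON encoding as a stand-in for Ethereum's Keccak-256 transaction signing. All function names, owner names and the recipient placeholder are hypothetical.

```javascript
// Added example: models the check analogy; not TokenSoft's or Gnosis's code.
// Assumption: ECDSA/SHA-256 over JSON stands in for Ethereum's Keccak-256 transaction signing.
const { generateKeyPairSync, sign, verify } = require('node:crypto');

const REQUIRED = 2; // two of the three owners must sign

// Constructed owner; in the flow above each private key lives only on an air-gapped machine.
function makeOwner(name) {
  const { privateKey, publicKey } = generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
  return { name, privateKey, publicKey };
}

// Online machine: fill in the check with empty signature lines.
function createCheck(to, amountWei, nonce) {
  return { body: { to, amountWei, nonce }, signatures: [] };
}

// Canonical bytes every signer commits to (fixed field order).
function encode(body) {
  return Buffer.from(JSON.stringify([body.to, body.amountWei, body.nonce]));
}

// Offline machine: sign the body and hand back a check with one more signature.
function signOffline(check, owner) {
  const sig = sign('sha256', encode(check.body), owner.privateKey).toString('hex');
  return { body: check.body, signatures: [...check.signatures, { signer: owner.name, sig }] };
}

// The "bank": count distinct owners whose signature verifies over this exact body.
// Only name and publicKey are read here; the verifier never needs private keys.
function approvals(check, owners) {
  const seen = new Set();
  for (const { signer, sig } of check.signatures) {
    const owner = owners.find((o) => o.name === signer);
    if (!owner) continue; // signature from someone who is not an owner
    const ok = verify('sha256', encode(check.body), owner.publicKey, Buffer.from(sig, 'hex'));
    if (ok) seen.add(signer); // a Set, so signing twice still counts once
  }
  return seen.size;
}

function clears(check, owners) {
  return approvals(check, owners) >= REQUIRED;
}

// Constructed sample run: A signs, then B signs, then the check clears.
const owners = ['A', 'B', 'C'].map(makeOwner);
const partial = signOffline(createCheck('0xRECIPIENT_PLACEHOLDER', '1000000000000000000', 0), owners[0]);
console.log(clears(partial, owners), clears(signOffline(partial, owners[1]), owners)); // false true
```

Because each signature covers the encoded recipient, amount and nonce, changing any field while the check travels between the online and offline machines leaves it with zero valid approvals.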

Knox Wallet’s Upgrade for Security Token Administration

In late 2017, we redesigned this experience in three intense weeks into a mobile-first architecture, speeding up the transfer process without compromising security. We called it Knox Wallet. In January of 2019, we announced the second version of Knox Wallet.


With a user experience design-first approach, we were able to reduce the number of steps for signing a transaction offline to five steps per person, and the time to transfer down to a few minutes — all with no compromise to security. Today, Knox Wallet’s security infrastructure has helped our clients secure their funds and even issue and manage their own security tokens.

If you’d like to learn more about how Knox Wallet works for custody and security token administration, you can register for a demo here.