Gnosis Safe, now officially branded as Safe (safe.global), is the most widely deployed smart contract multi-signature wallet in the crypto ecosystem. Unlike hardware wallet multisig which operates at the wallet software level, Safe implements multisig as an on-chain smart contract: the wallet itself lives on the Ethereum blockchain (and other compatible chains), and its security logic is enforced by code rather than by any particular software or device.
Safe is used to hold hundreds of billions of dollars in collective assets across thousands of organisations and individual power users. DAOs use it to manage treasuries, DeFi protocols use it to control protocol upgrade keys, investment funds use it to manage shared capital, and individual crypto investors use it to implement a multisig vault strategy with Ethereum-based assets. It has been audited extensively by multiple leading security firms.
Understanding Safe is important for any crypto participant who holds significant Ethereum ecosystem assets and wants institutional-grade security, manages shared funds with others, or is implementing a multi-signature strategy for long-term holdings. This resource explains how Safe works, how to set it up, and how to use it effectively.
A Safe wallet is a smart contract deployed on the blockchain. When you create a Safe, you are deploying a new contract instance that defines: the list of authorised signer addresses (the “owners”), and the minimum number of signatures required to execute any transaction (the “threshold”).
To send a transaction from a Safe wallet, at least one signer must propose the transaction. The proposal is then presented to all other owners for their signature. Once the threshold number of signatures has been collected, any signer can execute the transaction by submitting it to the blockchain. The Safe contract validates the signatures and, if valid, executes the transaction.
Each signer can use any Ethereum wallet to sign: MetaMask, hardware wallets like Ledger or Trezor, or any other Ethereum-compatible signer. Using hardware wallets as Safe signers is the recommended approach for maximum security: each signing action requires physical confirmation on the hardware device, adding an air-gapped approval layer to the multisig process.
The on-chain nature of Safe means its security logic is public, auditable, and not dependent on any specific software remaining available. Even if the Safe web application or mobile app ceased to exist, the underlying smart contract would remain deployed and accessible through any Ethereum interface. This persistence is a significant advantage over software-defined multisig that exists only as long as the application is maintained.
Setting up a Safe wallet involves a few straightforward steps, though it requires paying a gas fee for the contract deployment transaction.
Navigate to app.safe.global and connect an Ethereum wallet. This wallet will be the first signer in your Safe setup. Use a hardware wallet if possible for this initial connection, as it will also be one of your signing keys.
Add the Ethereum addresses of all signers you want to include in the Safe. For a personal 2-of-3 vault, these would be three Ethereum addresses: ideally, addresses controlled by three different hardware wallet devices. The Safe does not require signers to be connected during setup: you only need their Ethereum addresses.
Choose the minimum number of signatures required to execute any transaction. For a 2-of-3 Safe, set the threshold to 2. This means any two of your three signer addresses can authorise transactions. The threshold can be changed later through a multisig transaction among the existing owners.
Review the configuration and submit the deployment transaction. This creates your Safe contract on-chain. The gas cost varies with network conditions but is typically modest. Save the Safe contract address that is generated: this is your multisig wallet address where you will receive funds.
The Capital Nexus newsletter covers treasury management, DeFi security, and institutional crypto practices each week: Capital Nexus Newsletter.
Once deployed, a Safe wallet can interact with any DeFi protocol or smart contract on the network, with all interactions requiring the threshold number of signatures. This makes Safe ideal for shared treasury management where no single party should have unilateral control.
Sending ETH or tokens from a Safe follows the proposal-signature-execute flow. The proposing signer initiates the transaction through the Safe interface. Co-signers receive a notification and approve by connecting their wallet and confirming the signature. Once the threshold is reached, the transaction can be executed. For two-person teams or DAOs with active governance, this workflow becomes routine quickly.
Safe also supports Module attachments, which are separate smart contracts that can add functionality to the base multisig. Examples include a time lock module (which introduces a mandatory delay before transactions execute, giving co-signers time to object), a spending limit module (which allows one signer to make small transactions below a threshold without requiring full multisig approval), and a recovery module (which allows a pre-designated recovery address to take control if all signers are unavailable).
For DeFi users who want to interact with protocols like Uniswap, Aave, or Compound from a multisig-secured wallet, Safe supports direct contract interaction through its Transaction Builder tool. You can construct complex DeFi transactions that require multisig approval before execution, a significant security improvement over single-signer DeFi interactions. The risks of DeFi investing are meaningfully reduced when all on-chain actions require multiple independent approvals.
Safe’s security derives from two layers: the cryptographic security of individual signers and the collective threshold requirement enforced by the smart contract.
The smart contract layer has been audited by multiple leading firms including G0 Group, ConsenSys Diligence, and others. It has been in production for years without a direct exploit of its core multisig logic. The contract is open-source and verifiable by anyone. This track record provides strong assurance that the contract’s logic is sound.
The individual signer layer depends on how each signing key is protected. If all three signers in a 2-of-3 Safe use hardware wallets, with keys stored in different physical locations, the attack surface is extremely high: an attacker must physically compromise two hardware wallet setups in different locations to steal funds. This is the recommended configuration for maximum security.
The key risk is loss of access rather than theft. If two or more keys in a 2-of-3 setup are lost simultaneously, funds are permanently inaccessible. This is why backup strategies for each signing key, including seed phrase storage for the hardware wallets used as signers, are as important as the multisig setup itself.
Safe also has some operational security considerations. The Safe web app at app.safe.global is a frontend for the underlying smart contract. Using a compromised or spoofed version of the Safe frontend could result in signing malicious transactions. Always access Safe directly via the known domain, with the URL verified and via your bookmarks, never via links from messages or search results.
Both Safe and hardware wallet native multisig (using tools like Specter or Sparrow for Bitcoin) are valid approaches to multisig security. The choice depends on your assets and use case.
Safe is specifically for Ethereum and EVM-compatible chains. If your holdings are primarily ETH and ERC-20 tokens, and especially if you use DeFi actively, Safe is the natural choice. Its smart contract integration, module system, and the existing Safe ecosystem of tools make it more feature-rich for Ethereum-based use than hardware wallet native multisig.
For Bitcoin-specific multisig, native UTXO multisig using tools like Specter Desktop or Sparrow Wallet is the appropriate approach. Bitcoin’s UTXO model makes smart contract-based multisig less applicable, and its native multisig implementation is battle-tested and well-supported by the leading Bitcoin hardware wallets.
For investors who hold both Bitcoin and Ethereum assets, a combination approach makes sense: hardware wallet native multisig for Bitcoin and Safe for Ethereum ecosystem assets. The multisig vault strategy guide provides the broader framework for designing and implementing a complete multisig security architecture.
Safe is most appropriate for: investors with significant Ethereum ecosystem holdings who want to eliminate single-key risk, teams and DAOs managing shared treasuries, DeFi power users who want multisig security for protocol interactions, and anyone implementing a long-term crypto security strategy for Ethereum assets.
For casual holders with modest amounts, Safe’s operational overhead may not be justified. A well-configured single-key hardware wallet with good seed phrase backup is appropriate for most individuals. Safe becomes the right choice when the value at risk is large enough, or the governance requirements complex enough, to justify the additional setup and operational process.
Shepley Capital’s Obsidian and Black Emerald memberships are designed for serious investors who manage significant crypto positions and want institutional-grade research and strategy support: View Membership Options.