Skip to content

Asylia Multisig Vaults

Multisig self-custody,
calm by design.

A quiet place for Bitcoin you intend to keep. Multisig by default, hardware-first by principle.

Open Wallet View on GitHub

P2WSH multisig

·

Hardware-first

·

Open source core

·

Sovereign exports

Three pillars

Built around three quiet decisions.

A calm product is a set of strict decisions made on purpose.

  1. Multisig by default.

    Asylia replaces one fragile seed with a small committee of hardware signers. No single device can move Bitcoin alone.

    2-of-3 / wsh(sortedmulti)

  2. Hardware-first signing.

    Private keys stay on Trezor or Ledger. The browser prepares an unsigned PSBT; devices review and sign in-hand.

    Private keys never leave devices

  3. Yours, in every format.

    Every vault remains portable. Export the same policy to Sparrow, Caravan, Bitcoin Core, or an Asylia backup.

    Descriptor exports / no lock-in

How multisig works

From wallet policy to confirmed transaction.

  1. 01

    Create wallet.

    Name the wallet, lock it to Bitcoin mainnet, choose the 2-of-3 policy, and pick the hardware signers that will hold the vault.

    P2WSH / wsh(sortedmulti)

    Wallet

    Treasury reserve

    Policy

    2-of-3 / Bitcoin mainnet
    wsh(sortedmulti(2, xpubA, xpubB, xpubC))
  2. 02

    Create transaction.

    The wallet turns a spend intent into a PSBT: recipient, amount, change, and fees are explicit before any device is asked to sign.

    PSBT v2 / unsigned

    Recipient

    bc1q...x4gz3

    Amount

    0.10000000 BTC
    PSBT assembled / unsigned
  3. 03

    Sign and broadcast.

    Signatures arrive from hardware devices. Once two signers agree, the threshold is met and Asylia can broadcast the final transaction.

    Threshold reached / 2 of 3

    Signatures

    2 / 3
    Confirmed in block / txid 4f2a...91c8

Doctrine

"One script. Narrow surface. Zero policy ambiguity."

— The Asylia policy charter

In plain English

Bitcoin supports dozens of ways to describe a multi-key wallet. Asylia commits to exactly one: the same standard Trezor, Ledger, Sparrow, and Bitcoin Core have implemented in production for years. When every serious tool speaks the same language, review gets faster and interoperability comes naturally.

The technical shorthand is wsh(sortedmulti(N, key1, …, keyN)): a native-SegWit multisig that requires N signatures from a defined set of keys. It is narrow on purpose. Narrow is what you want from the policy guarding long-term Bitcoin.

The only policy we ship



wsh(sortedmulti(2, xpubKey1, xpubKey2, xpubKey3))

Hardware

Your keys live on dedicated signing devices.

Hardware wallets keep private keys offline and approve transactions in-hand. Asylia prepares the PSBT, the devices sign it, and private material never passes through the browser or our servers.

Trezor

Trezor Safe 3, Model T, and Safe 5 register policies and co-sign PSBTs directly inside the wallet.

Register and sign · live today

Ledger

Ledger Nano X and Nano S Plus register wallet policies and co-sign PSBTs directly inside the wallet.

Register and sign · live today

More hardware coming

Every new signer is reviewed against the same PSBT and policy model before it ships.

BitBox02 · Coldcard · Jade on the roadmap

The product

Every screen earns its place.

Vault dashboards, hardware flows, PSBT review, and the public design-system explorer all share one interface language: precise, restrained, unmistakably Asylia.

wallet.asylia.io/app/vaults

Workspace

Three vaults. One quiet command center.

Family treasury

4.218 BTC

2-of-3

Pending proposal

1 signature left

Mempool fee

12 sat/vB

Hardware

Trezor + Ledger

Build PSBT

Register policy

Co-sign

Product principle

"A signing flow should make every consequence visible before a device is asked to approve it."

Premium design here means fewer doubts at the moment Bitcoin is about to move.

Hardware verification

Three independent reads of every PSBT.

Browser, device, and quorum each get the last word - no satoshi moves until all three agree.

  1. 01

    Browser

    Composed in the open

    • Inputs and outputs balanced

    • Mempool fee charted in real time

    • Witness data sanity-checked

  2. 02

    Device

    On a screen we cannot edit

    • Recipient address shown in full

    • Amount and fee in BTC and fiat

    • Hold-to-sign on the hardware key

  3. 03

    Quorum

    M-of-N or nothing

    • Threshold reached, never exceeded

    • Replace-by-fee stays available

    • Explorer-ready before broadcast

Vault detail

Balance, proposals, signers, history - one screen.

Every vault carries live mempool context, signer policy, and pending transaction state without breaking the calm surface.

Signing flow

Co-sign, step by step, device by device.

PSBTs round-trip through the hardware stack with clear checkpoints, deterministic copy, and no private material in the browser.

Custom design system

One crafted system for product, marketing, and flows.

design.asylia.io/components

01

Tokens

Color, type, radius

02

Components

Cards, modals, tables

03

Flows

Vaults, PSBTs, hardware

The public explorer shows real components, tokens, and wallet flows in isolation so decisions stay reviewable before they ship.

Open design system

Interoperability

Your keys, your choice of tools.

Asylia is a view onto a policy, not a silo. Import from or export to the multisig tools the ecosystem already trusts.

Transparency

What we hide, we cannot defend.

The Bitcoin surface - descriptors, derivation, PSBT, chain data, hardware transports - is MIT-licensed and open for review.

Security model

Threat model, policy rationale, audit status, and responsible-disclosure contact - the full security posture of Asylia, always up to date.

Read the security model

Open source core

Five MIT-licensed packages — btc-core, blockchain-data-btc, hw-trezor, hw-ledger, shared-types. Fork them, read them, audit them.

View on GitHub

Fee

A hard boundary. No surprises.

Free up to 2,100,000 sats (0.021 BTC). Above that, a transparent Asylia fee output appears before signing: 0.1%, capped at 21,000 sats.

Clear free boundary

2,100,000 sats

0.021 BTC per transaction before any Asylia output exists.

Precise rate above it

0.1%

One thousandth of the send amount, shown before signing.

Predictable maximum

21,000 sats

The fee stops growing once it reaches the cap.

  1. 01

    Build PSBT

  2. 02

    Target address

  3. 03

    Boundary check

  4. 04

    Optional fee

  5. 05

    Broadcast

The boundary is binary: at or below 2,100,000 sats there is no Asylia fee output. Above it, the output is explicit, capped, and visible to every signer before broadcast.

Plain answers

Questions people ask first.

Deeper threads - threat model, audit status, responsible disclosure - live on the security page.

Hold your own keys

Hold your own keys.
Quietly.

No credit card. No onboarding gauntlet. Just Trezor or Ledger signing, an email for account recovery, and a new multisig vault.

Open Wallet Read security first

Bitcoin only · wsh(sortedmulti) only · Open source core · Built in Europe