If you're managing funds with a team on Solana — whether it's a DAO treasury, a project's token reserves, or shared trading capital — a multisig wallet is not optional. It's essential. A single compromised private key should never be able to drain your entire treasury.
Squads is the leading multisig solution on Solana, securing over $10B in assets. This guide walks you through everything from creating your first multisig to executing complex transactions.
What Is a Multisig and Why You Need One
A multisig (multi-signature) wallet requires multiple parties to approve a transaction before it executes. Instead of one person having full control over funds, you set a threshold — for example, 2-of-3 means any two out of three keyholders must approve.
When You Need a Multisig
- Project treasuries: Any team managing shared funds
- DAO governance: Community-controlled treasuries
- Vesting administration: Managing token unlock contracts
- Shared trading accounts: Multiple traders accessing the same capital
- Personal security: Using multiple devices as separate signers for your own funds
- Token authority: Controlling mint/freeze authority on SPL tokens
The Risk of Single-Signer Wallets
With a regular Phantom or Solflare wallet, one compromised seed phrase means total loss. Phishing attacks, malware, social engineering — there are countless ways a single key can be stolen. A multisig means an attacker needs to compromise multiple independent keys simultaneously.
Squads v4: What's Under the Hood
Squads v4 (also known as Squads Protocol) is an audited, open-source multisig program deployed on Solana mainnet. Key properties:
- On-chain program: All logic lives on Solana — no off-chain servers that can be compromised
- Fully non-custodial: Squads the company cannot access your funds
- Programmable: Supports arbitrary Solana transactions, not just SOL/token transfers
- Time locks: Optional delays between approval and execution
- Spending limits: Set per-transaction or per-period limits for operational wallets
- Sub-accounts: Create multiple vaults under one multisig for organized treasury management
Step-by-Step: Creating Your First Squads Multisig
Step 1: Connect Your Wallet
Go to app.squads.so and connect your Solana wallet. Squads supports Phantom, Solflare, Backpack, and most major wallets.
Make sure you're on the real Squads site. Bookmark it and never access it through search engine links — phishing sites that mimic Squads do exist.
Step 2: Create a New Multisig
Click "Create Squad" and configure:
- Name: Give your multisig a descriptive name (e.g., "Project Treasury" or "Team Operations")
- Members: Add the wallet addresses of all signers. Double-check every address character by character.
- Threshold: Set the number of approvals required. Common configurations:
  - 2-of-3: Good for small teams. Any two members can approve. One key can be lost without losing access.
  - 3-of-5: Better for larger teams or higher-value treasuries. Provides more redundancy.
  - 2-of-2: Maximum security for two parties, but if either key is lost, funds are locked forever.
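One way to back up the character-by-character check on member addresses, as an added example that is not part of the original guide or of Squads' code: it confirms each entry decodes to a 32-byte Solana address and flags entries that match a confirmed address only on their first and last four characters. The addresses, the `checkSigners` helper and the separately confirmed signer list are assumptions made for illustration.

```javascript
// Added example, not Squads code. Every address below is constructed.
const B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";

// Bytes a base58 string decodes to, or -1 if it has an illegal character.
function base58ByteLength(s) {
  let n = 0n;
  for (const ch of s) {
    const v = B58.indexOf(ch);
    if (v < 0) return -1;
    n = n * 58n + BigInt(v);
  }
  let bytes = 0;
  for (; n > 0n; n >>= 8n) bytes++;
  // Each leading '1' stands for one leading zero byte.
  return bytes + (s.length - s.replace(/^1+/, "").length);
}

// Compare the addresses typed into the member list with the list each
// signer confirmed over a separate channel (hypothetical workflow).
function checkSigners(entered, confirmed) {
  const seen = new Set();
  return entered.map((addr) => {
    let status = "unconfirmed";
    if (base58ByteLength(addr) !== 32) status = "invalid";
    else if (seen.has(addr)) status = "duplicate";
    else if (confirmed.includes(addr)) status = "ok";
    else if (confirmed.some((c) => c.slice(0, 4) === addr.slice(0, 4)
                                && c.slice(-4) === addr.slice(-4))) {
      status = "lookalike"; // same visible ends, different key
    }
    seen.add(addr);
    return { addr, status };
  });
}

const ALICE = "7xKp3mQz9RtVw2YbNcHd5LfGj8sAeUu4ZyWqBn6TrExS";
const BOB = "9aBcDeFgHiJkLmNoPqRsTuVwXyZ23456789ABCDEFGHJ";
const ALICE_LOOKALIKE = "7xKp8nRa2StWx3ZcPdJe6MgHk9tBfVv5AzXrCo7UrExS";
const BOB_TYPO = BOB.replace("o", "O"); // 'O' is not in the base58 alphabet

function demo() {
  const entered = [ALICE, ALICE_LOOKALIKE, BOB_TYPO, BOB, ALICE];
  return checkSigners(entered, [ALICE, BOB]).map((r) => r.status);
}
console.log(demo());
```

Anything other than `ok` should stop the setup until the signer reconfirms the address.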
Step 3: Fund Your Multisig
After creation, your Squads vault has a unique Solana address. Send SOL to this address first (you'll need SOL for transaction fees), then transfer any tokens you want to secure.
Important: The vault address is different from any of the signer addresses. When someone sends funds to the multisig, they send to the vault address — not to any individual member's wallet.
Step 4: Verify on Solscan
Use Solscan to verify that your vault address holds the correct balances. You can also verify the multisig program ID to confirm you're interacting with the real Squads protocol and not a malicious clone.
Managing Transactions
Creating a Transaction
Any member can propose a transaction:
- Go to your Squad dashboard
- Click "New Transaction"
- Choose the transaction type:
  - Transfer SOL or tokens: Send from the vault to any address
  - Program interaction: Interact with any Solana program (staking, DeFi, etc.)
  - Token management: Mint, burn, or transfer authority actions
- Fill in the details (recipient, amount, etc.)
- Submit the proposal
Approving a Transaction
Once proposed, other members see the pending transaction in their dashboard:
- Review the transaction details carefully — verify recipient address, amount, and program being called
- Click "Approve" to add your signature
- Once the threshold is met (e.g., 2-of-3), anyone can execute the transaction
Rejecting a Transaction
If a transaction looks suspicious or incorrect, members can reject it. If enough members reject (meeting the rejection threshold), the transaction is cancelled and cannot be executed.
Time-Locked Transactions
For high-value operations, enable a time lock. This adds a mandatory waiting period between the last approval and execution. If a member's key is compromised and used to approve a malicious transaction, the time lock gives other members a window to reject it.
Recommended time locks:
- Treasury operations: 24-48 hours
- Token authority changes: 72 hours
- Routine operational transfers: No time lock needed (or 1 hour)
Advanced Squads Features
Sub-Accounts (Vaults)
Create multiple vaults under one multisig for organized management:
- Operations vault: Day-to-day expenses, lower threshold (e.g., 1-of-3)
- Treasury vault: Long-term holdings, higher threshold (e.g., 3-of-5)
- Development vault: Grant disbursements, medium threshold (e.g., 2-of-3)
Each vault has its own address and can hold different assets.
Spending Limits
Set up spending limits so routine transactions don't require full multisig approval:
- Example: Allow any single signer to send up to 10 SOL per day without additional approvals
- Anything above the limit requires the full threshold
- Useful for teams that need to make frequent small payments
DeFi Integration
Squads supports interacting with Solana DeFi protocols directly from the multisig:
- Swap tokens: Execute swaps through Jupiter aggregator
- Stake SOL: Stake to validators or liquid staking protocols
- Provide liquidity: Add liquidity to DEXes
- Manage vesting: Interact with Streamflow contracts
This means your treasury can earn yield without moving funds to a single-signer wallet first.
Token Authority Management
For token issuers, Squads can hold the mint authority, freeze authority, and update authority of your SPL token. This is critical for trust — a token where a single person controls the mint authority is far riskier than one where a 3-of-5 multisig controls it.
Security Best Practices
Signer Key Distribution
- Geographic distribution: Signers should be in different physical locations
- Device distribution: Each signer should use a different device/wallet setup
- Hardware wallets: At least some signers should use hardware wallets (Ledger or Keystone via Solflare)
- No shared access: Never share seed phrases between multisig members
Threshold Selection Guide
| Team Size | Recommended Threshold | Use Case |
|---|---|---|
| 2 people | 2-of-2 | Maximum security, risk of lockout |
| 3 people | 2-of-3 | Good balance, one key can be lost |
| 5 people | 3-of-5 | Resilient, handles two compromised keys |
| 7+ people | 4-of-7 or 5-of-9 | Large DAOs, maximum redundancy |
Emergency Procedures
Plan for these scenarios before they happen:
- Lost key: If a member loses access, the remaining members should immediately create a new multisig, transfer funds, and remove the lost key as a signer
- Compromised key: Same as lost key, but with more urgency. Execute the migration before the attacker can attempt to collude with another compromised signer
- Dispute between members: Your threshold should always be set so that no single faction can unilaterally control funds
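The threshold table and the dispute rule above can be checked mechanically before a multisig is created. The following is an added example, not part of the original guide or of Squads' code: for an m-of-n setup it reports how many keys can be lost or compromised and flags any group of signers that can approve or block on its own. The `auditThreshold` helper, the signer names and the group labels are assumptions made for illustration.

```javascript
// Added example, not Squads code. Signer names and groups are constructed.
// A "group" is any set of keys that would act or fail together: one
// faction in a dispute, one office, one device vendor.
function auditThreshold(signers, threshold) {
  const n = signers.length;
  if (!Number.isInteger(threshold) || threshold < 1 || threshold > n) {
    throw new RangeError(`threshold must be between 1 and ${n}`);
  }
  const findings = [];
  if (threshold === 1 && n > 1) findings.push("any single key can move funds");
  if (threshold === n) findings.push("losing any one key locks the funds");

  const groupSizes = new Map();
  for (const s of signers) {
    groupSizes.set(s.group, (groupSizes.get(s.group) || 0) + 1);
  }
  for (const [group, size] of groupSizes) {
    if (size >= threshold) findings.push(`${group} can approve alone`);
    // Remaining keys cannot reach the threshold without this group.
    if (threshold < n && n - size < threshold) {
      findings.push(`${group} can block alone; losing it locks the funds`);
    }
  }
  return {
    config: `${threshold}-of-${n}`,
    lostKeysTolerated: n - threshold,        // keys that can vanish safely
    compromisedKeysTolerated: threshold - 1, // stolen keys that cannot approve
    findings,
  };
}

// Constructed 3-of-5 where three signers belong to the same faction.
const TEAM = [
  { name: "ana", group: "founders" }, { name: "ben", group: "founders" },
  { name: "cho", group: "founders" }, { name: "dev", group: "investor" },
  { name: "eli", group: "advisor" },
];
console.log(auditThreshold(TEAM, 3));
```

In the constructed team the 3-of-5 numbers match the table, yet the founders alone meet the threshold, which is what the dispute rule is meant to prevent.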
Operational Security
- Never discuss multisig details (addresses, member identities, thresholds) in public channels
- Use encrypted communications for coordinating approvals
- Regularly audit pending transactions — any unexplained proposals could indicate a compromised key
- Review signer list quarterly and remove inactive members
Common Mistakes to Avoid
Setting the threshold too low: A 1-of-3 multisig is essentially a single-signer wallet with extra steps. If your goal is security, the threshold must require multiple independent approvals.
Not testing first: Before sending large amounts, create a test multisig with a small SOL balance. Practice creating, approving, and executing transactions. Make sure every signer knows how to use the interface.
Losing access to enough keys: A 3-of-5 multisig where three signers lose their keys means the funds are permanently locked. Ensure signers have proper backup procedures for their individual wallets.
Using the multisig address for airdrops/claims: Some airdrop mechanisms require signing a message, which a multisig cannot do in the traditional way. Check compatibility before using your multisig address for claim-eligible activities.
Ignoring member changes: When a team member leaves, immediately initiate a signer rotation. Don't leave departed members as active signers.
Squads vs. Other Options
Squads is the dominant multisig on Solana, but alternatives exist:
- Realms (SPL Governance): More suited for full DAO governance with token-weighted voting. Heavier and more complex than a simple multisig.
- Custom multisig programs: Some teams build their own. This is generally a bad idea unless you have audited smart contract engineers — the risk of bugs far outweighs any customization benefits.
For most teams, Squads is the right choice. It's audited, battle-tested, and has the widest ecosystem support.
Final Thoughts
Setting up a Squads multisig takes 10 minutes. Recovering from a compromised single-signer wallet takes forever — if recovery is even possible.
If you're managing any meaningful amount of funds on Solana as a team, Squads should be your first infrastructure decision, not an afterthought. Combined with good wallet security practices and proper key management, a multisig dramatically reduces your attack surface.
Start with a test vault, get comfortable with the approval workflow, and then migrate your real treasury. Your future self will thank you when the next wave of phishing attacks hits and your funds stay exactly where they should be.