The Need for Multisig-driven SStx purchase transactions Decred stakeholders must restore private key material on potentially compromised hardware in order to stake DCR. Multisig-driven approaches can make it difficult for hackers to steal funds from stakers even when some machines are compromised. A keylogger can compromise a hot wallet should the seed phrase ever become accessible. An example of such a machine, is one used for staking Decred. Importantly, when a properly configured multisig-mode wallet is used for staking, knowing its seed phrase alone would not be enough to steal DCR funds. A dcrwallet multisig-mode could generate purely N-of-M addresses. The cosigners to these multisig addresses would be alternate wallets with distinct seeds created on separate physical hardware, or by reputable third party cosigner services. There are a few drawbacks to this beyond implementation effort. For one, using a third party cosigning service could violate the staker's privacy. The third party would likely charge an additional fee, too. Next, for higher security, using many cosigners could become essential. If any one of the prerequisite cosigners failed to cosign due to software or hardware issues, however, it could temporarily block the user from making desired SStx purchase transactions. Components of implementation may include: A. Make dcrwallet capable of generating pure N-of-M multisig wallet accounts e.g. Electrum B. New Project: dcrcosigner A process named dcrcosigner or similar would implement a secure multisig cosigning service on user hardware. The process cosigns multisig SStx purchase transactions. Several existing companies provide multisig cosigning services for Bitcoin. To work with those companies or similar is one route to make this service easy to use without much setup, with privacy/safety caveats. C. Implement dcrcosigner workflow into SStx purchase transactions in dcrwallet Summary A hot wallet would ideally never be fully constructed on one machine. Multisig-mode HD wallets are needed to enable this. Companies like TrustedCoin provide reputable third-party cosigning services. A hacker should need to compromise a user-configured threshold of machines in order to steal DCR funds.