How Vaults Work

A vault is a shared wallet on the XRP Ledger that requires multiple people to approve every transaction. Think of it like a joint bank account where no single person can move money alone — a set number of signers must agree before anything happens. This is called "multisig" (multiple signatures), and it's built directly into the XRP Ledger at the protocol level. It's not a smart contract or a wrapper — it's a native feature of the blockchain itself.

If your community, DAO, or project holds shared funds, a vault protects everyone: •No single point of failure — if one person loses their key or goes rogue, funds are still safe •Transparent governance — every transaction is proposed, discussed, and approved on-chain •Accountability — the blockchain records who approved what and when •Blackhole protection — CTO projects that disabled the master key can still operate through the vault's signers Without a vault, a single compromised key means total loss. With a vault, an attacker would need to compromise multiple keys simultaneously.

Each vault has a signer list — the people authorized to approve transactions. Every approver has a weight (their voting power), and the vault has a threshold (the minimum total weight needed to approve). Example: A vault with 5 signers, each with weight 1, and a threshold of 3. Any 3 out of 5 must approve before a transaction goes through. If only 2 approve, nothing happens. You can also give different weights to different signers. A council lead might have weight 2 while regular members have weight 1 — giving the lead more influence without full control. The signer list and threshold are stored directly on the XRP Ledger. X-Multi reads them from the blockchain every time you open a vault — what you see is always the live, on-chain truth.

Every action in a vault starts as a proposal. Want to send a payment? Create a proposal. Want to list an NFT for sale? Create a proposal. Want to change who can approve transactions? Create a proposal. The lifecycle: 1. Propose — any signer fills out the form and signs it 2. Approve — other signers review the details and add their signatures 3. Execute — once enough weight has signed (the threshold is met), the transaction is submitted to the XRP Ledger 4. Confirm — the blockchain processes it and it's done Proposals can also be cancelled before execution, or expire automatically if they sit too long without enough signatures.

Here's something most people don't realize about the XRP Ledger: every account has a sequence number that increases by 1 with each transaction. Transaction #5 must come after #4, which must come after #3. They can't be processed out of order. This creates a problem for shared vaults. If two proposals are created at the same time, they'd both try to use the same sequence number — and one would fail. Tickets solve this. A ticket is like a pre-reserved sequence number. When you create tickets, the vault reserves a batch of sequence numbers in advance. Each proposal gets its own ticket, so multiple proposals can be signed and submitted independently without blocking each other. Think of it like taking a number at the deli counter. Everyone gets their own number, and it doesn't matter what order they're served in — each number is valid on its own. You should create tickets when you first set up a vault. We recommend starting with 5–10 tickets. You can always create more later. Without tickets, you can only have one pending proposal at a time.

When you approve a proposal, your signing key creates a special "multisig signature" — a cryptographic proof that says "I, as signer X, approve this exact transaction." X-Multi encrypts your signing key locally in your browser using AES-256-GCM encryption (the same standard used by banks and military). You enter your seed phrase once during setup, choose a password, and from then on you just enter your password to approve transactions. Your key never leaves your browser. X-Multi's servers never see it. The encrypted data stays in your browser's local storage. When you approve a transaction, the key is decrypted in memory for a fraction of a second, creates the signature, and is immediately wiped from memory. This is the same security model used by MetaMask, Crossmark, and every major browser wallet.

One of the biggest challenges with shared vaults is proving identity. If a CTO project disabled the master key (blackholed it), the vault literally cannot sign into websites like FirstLedger or xrp.cafe — because those sites require a single-key signature to log in. X-Multi solves this with on-ledger authentication. The vault sends a tiny transaction (0.000001 XRP) to itself with a unique session token in the memo field. This transaction goes through the normal approval process — the required number of signers must sign off. Once the transaction is confirmed on the blockchain, it serves as cryptographic proof that the vault's signers authorized a login session. Any website can verify this proof by checking the transaction on the XRP Ledger. We've published an open specification for this at xmulti.app/specs/xmulti-auth-v1.md — any dApp can add support with just a few lines of code.

If your community already has a shared vault on the XRP Ledger: 1. Import it into X-Multi — we'll read the signer list directly from the blockchain 2. Create tickets (5–10 is a good start) 3. Have each signer visit X-Multi and set up their encrypted signing key 4. Start creating proposals If you're starting fresh: 1. Generate a new vault address in X-Multi 2. Fund it with at least 1 XRP 3. Set up the signer list (who can approve and how many are needed) 4. Create tickets 5. You're ready to go The entire setup takes about 10 minutes. After that, managing the vault is as simple as filling out a form and entering a password.