Escrow

What Is Escrow?

Escrow is a financial arrangement in which a neutral third party holds assets (typically money) on behalf of two transacting parties, releasing those assets only when predetermined conditions have been met. The concept dates back centuries in traditional finance, where escrow agents, banks, and title companies serve as trusted intermediaries for real estate closings, mergers and acquisitions, and high-value asset transfers.

The core problem escrow solves is the trust gap: a buyer does not want to send money before receiving goods, and a seller does not want to ship goods before receiving payment. By introducing a neutral holder, both parties can proceed with confidence that funds will only change hands when obligations are fulfilled.

In the cryptocurrency world, escrow takes on new forms. Rather than relying on a human intermediary, smart contracts and multisig wallets can serve as programmable, trustless escrow agents that automatically enforce release conditions without requiring trust in any single party.

How It Works

The mechanics of escrow differ depending on whether the arrangement is traditional, smart contract-based, or multisig-based. All three share the same fundamental pattern: lock funds, verify conditions, release or refund.

Traditional Escrow

In a traditional escrow arrangement (common in real estate and M&A transactions), the process follows these steps:

1. Buyer and seller agree on transaction terms and select an escrow agent
2. Buyer deposits funds into the escrow agent's account
3. Seller delivers goods, services, or documents per the agreement
4. Escrow agent verifies that all conditions have been met
5. Escrow agent releases funds to the seller (or refunds the buyer if conditions fail)

In M&A transactions, escrow agreements commonly hold back 10-25% of the purchase price during a warranty period so the buyer can verify that the seller's representations are accurate. Real estate escrow is regulated under the Real Estate Settlement Procedures Act (RESPA) and Truth in Lending Act (TILA) in the United States, with escrow account cushions capped at two months of projected payments.

Smart Contract Escrow

Smart contract escrow replaces the human intermediary with a self-executing program deployed on a blockchain. The contract holds funds and releases them automatically when predefined conditions are satisfied.

1. A developer deploys an escrow smart contract with the agreed conditions encoded in its logic
2. The buyer sends funds to the contract address, locking them on-chain
3. The contract monitors for condition fulfillment (confirmation from both parties, oracle data, or time-based triggers)
4. When conditions are met, the contract automatically transfers funds to the seller
5. If conditions are not met within the timeout period, funds return to the buyer

A simplified Solidity escrow contract illustrates the pattern:

contract Escrow {
    address public buyer;
    address public seller;
    uint256 public amount;
    bool public buyerApproved;
    bool public sellerDelivered;

    function deposit() external payable {
        require(msg.sender == buyer);
        amount = msg.value;
    }

    function confirmDelivery() external {
        require(msg.sender == buyer);
        buyerApproved = true;
        if (buyerApproved && sellerDelivered) {
            payable(seller).transfer(amount);
        }
    }

    function refund() external {
        // Time-based refund logic
        payable(buyer).transfer(amount);
    }
}

Deploying escrow contracts on Ethereum mainnet can cost $100-500 in gas fees depending on network congestion, while Layer 2 solutions like Arbitrum or Polygon reduce deployment costs to under $10.

Bitcoin Multisig Escrow

Bitcoin does not natively support complex smart contracts, but it achieves escrow functionality through 2-of-3 multisig arrangements. Three parties each hold one private key: the buyer, the seller, and a neutral arbitrator. Any two of the three keys can authorize a transaction.

1. Buyer, seller, and arbitrator each generate a key pair and share their public keys
2. The three public keys are combined to create a P2SH multisig address requiring 2-of-3 signatures
3. Buyer sends funds to the multisig address
4. Seller delivers the goods or services
5. If both parties are satisfied: buyer and seller sign a transaction releasing funds to the seller (arbitrator not needed)
6. If there is a dispute: the arbitrator reviews evidence and co-signs with the appropriate party to release or refund funds

The arbitrator cannot steal funds because they hold only one of three required keys. Even if the arbitrator colludes with one party, the other party's key is still required. This structure makes multisig escrow significantly more secure than custodial alternatives where a single entity controls the funds.

# Create a 2-of-3 multisig address using Bitcoin Core
bitcoin-cli createmultisig 2 '["pubkey_buyer","pubkey_seller","pubkey_arbitrator"]'

# Result: a P2SH address where funds require 2 of 3 signatures
{
  "address": "3J98t1WpEZ73CNmQviecrnyiWrnqRhWNLy",
  "redeemScript": "5221...2103...2103...53ae"
}

Platforms like Hodl Hodl use this approach for peer-to-peer Bitcoin trading, enabling users to buy and sell Bitcoin without a centralized exchange ever taking custody of funds. For more on how multisig wallets work, see the Bitcoin multisig wallets deep dive.

Centralized vs. Trustless Escrow

Escrow implementations fall on a spectrum from fully centralized (a licensed escrow company holding funds in a bank account) to fully trustless (a smart contract with no human intervention). Each approach involves different tradeoffs:

In practice, many crypto escrow services use a hybrid approach: smart contract or multisig enforcement for the funds, combined with human arbitration for disputes that cannot be resolved on-chain. This mirrors how HTLCs provide trustless payment routing on the Lightning Network while still requiring off-chain coordination for complex conditional payments.

Use Cases

Peer-to-Peer Trading

P2P cryptocurrency exchanges use escrow to bridge the gap between crypto and fiat payments. The seller deposits cryptocurrency into escrow while the buyer sends fiat payment through a bank transfer, mobile payment, or other method. Once the seller confirms receipt of fiat, the platform releases the crypto to the buyer. This model powers platforms like Hodl Hodl and Bisq, where no central party ever takes custody of user funds.

Marketplace Transactions

Online marketplaces for goods and services use escrow to protect both parties. The buyer's payment is locked until they confirm receipt and satisfaction. If the seller fails to deliver, funds automatically return to the buyer after a timeout period. This pattern works for physical goods, digital products, domain name sales, and freelance services.

Milestone-Based Freelance Payments

Smart contract escrow enables milestone-based payment structures where a client locks the full project budget upfront. As the freelancer completes each milestone, the client reviews and approves the deliverable, triggering partial fund releases. If the client fails to respond within a review window, some contracts include automatic release mechanisms. Platforms like FlowEscrow Work and Midcontract offer this model with fees around 1-2%.

Cross-Chain Atomic Swaps

Atomic swaps use escrow-like mechanisms to exchange assets across different blockchains without trusting an intermediary. Hash time-locked contracts (HTLCs) create a linked escrow on both chains: either both sides of the swap complete, or neither does. This same principle extends to submarine swaps between on-chain Bitcoin and the Lightning Network.

Programmable Settlement

Escrow forms the foundation for programmable settlement in stablecoin payments, where funds can be held until delivery confirmation, regulatory checks, or multi-party approval is complete. For a deeper look at how this works with stablecoins, see stablecoin escrow and programmable settlement.

Risks and Considerations

On-Chain Limitations

The most significant limitation of on-chain escrow is that it can only enforce conditions verifiable on the blockchain itself. A smart contract can verify that a payment was made, a token was transferred, or a time threshold passed. It cannot verify that a physical item was delivered undamaged, that a service met quality standards, or that a freelancer completed work satisfactorily. These subjective assessments require human judgment.

Oracles can bridge some of this gap by feeding external data into smart contracts, but they introduce their own trust assumptions. The escrow is only as trustless as its most trusted input.

Smart Contract Vulnerabilities

Escrow smart contracts hold real funds, making them high-value targets for attackers. Bugs in contract logic, reentrancy vulnerabilities, or incorrect access controls can result in permanent loss of funds. Unlike traditional escrow where a human agent can correct mistakes, smart contract errors on immutable blockchains are often irreversible. Formal verification and third-party audits are essential before deploying escrow contracts with significant value.

Dispute Resolution Challenges

When disputes arise in on-chain escrow, enforcement becomes complex. The New York Convention (which governs international arbitration) requires arbitration agreements to be "in writing," and it remains uncertain whether smart contract code satisfies this requirement. Off-chain arbitration introduces jurisdictional challenges, and court enforcement of awards against pseudonymous blockchain participants can be impractical.

Regulatory Uncertainty

Traditional escrow services are regulated under frameworks like RESPA and state escrow licensing laws in the United States. Crypto escrow services, particularly non-custodial smart contract implementations, operate in a regulatory gray area. As of 2026, there is no comprehensive federal framework specifically governing blockchain-based escrow services, though custodial platforms face increasing compliance scrutiny.

Counterparty and Timeout Risks

In multisig escrow, the arbitrator represents a potential point of failure: if they become unresponsive, disputed funds may remain locked until a timeout expires. In smart contract escrow, poorly configured timeout periods can either lock funds for too long or allow premature refunds. Participants should always verify the timeout parameters before depositing funds.

Why It Matters

Escrow is a foundational building block for trustless commerce. Traditional payment systems rely on institutional trust: banks, payment processors, and legal systems. Crypto escrow shifts enforcement from institutions to code and cryptography, enabling peer-to-peer transactions across borders without requiring both parties to trust the same intermediary.

Bitcoin's 2-of-3 multisig escrow and Lightning Network hodl invoices demonstrate that escrow-like functionality does not require Turing-complete smart contracts. Even Bitcoin Script's limited instruction set supports robust conditional payment patterns. Layer 2 protocols like Spark extend these capabilities further, enabling fast, low-cost transactions with programmable settlement conditions while maintaining self-custody of funds.

This glossary entry is for informational purposes only and does not constitute financial or investment advice. Always do your own research before using any protocol or technology.