Multisig versus single-sig escrow, in plain language

Single-sig escrow is the simplest model. The buyer funds a platform-controlled wallet at order placement; the platform releases to the vendor on order confirmation. The platform holds the only key on the escrow funds for the duration of the order. The structural risk is obvious. If the platform exits, the in-escrow balance goes with it.

2-of-3 multisignature escrow distributes the funding contract across three keys. Buyer, vendor, platform. Funds cannot be released without two of the three signing. The buyer signs to release on order confirmation, the vendor counter-signs; on dispute, the platform's signature breaks the deadlock. A platform attempting an exit-scam under multisig has to convince a majority of vendors to actively co-sign their own losses, which has not happened in the post-Hydra era and would be visible on-chain within minutes of the attempt.

What changes for the buyer

Almost nothing in the UI. You place orders the same way. The multisig contract is in the background. The only place you notice is on dispute, where the panel's ruling is binding because the platform's third key is the tiebreaker.

Why this is the right default

The economics. The cost of running multisig is small (the on-chain co-signing fee is negligible on Monero); the protective property is large (it removes the single biggest exit-scam vector). For new buyers, the recommendation is uniform: take the multisig contract every time it is offered. Both Anubis and Nexus offer it as the default. Both atlas-listed markets are multisig markets. This is not a coincidence.