I thought about multisig, but I don't think it will really solve the problem. (Also not 100% sure but I think I can still add multisig even now if I wanted to, just need the public keys of the other signers)

Suppose I multisig 3 users together and then it takes say 2 of the 3 of us to withdraw the funds...then one day someone like Elon Musk drops $1,000,000 bitcoin.

It's going to be awful tempting for those 3 users to simply get together withdraw the funds and split it between the 3 of them.

Similar problem with smart contracts, I could do some type of script/contract then the funds are released when say a specific message is signed  with the private key, but again, if the bounty is high enough, can still work around it, setup a second wallet and 'impersonate' being someone else.

Technically once someone tries to convert the coin to fiat, that last transaction will have a real person associated to it, and the company, coinbase or whatever will know who that was, but it could have passed through hundreds of transactions before that.

It seems that while bitcoin provides transparency, and while I can 'prove' that I own a particular address, there is no way to 'prove' who made the withdrawal.

No matte what way I think of it, there still seems to be a need to have a 3rd party 'trust'

I fear Cory Doctorow might be right in his recent blog article -  https://onezero.medium.com/the-inevitability-of-trusted-third-parties-a51cbcffc4e2