Blockaid Adds Automated Transaction Proposals to Onchain Monitoring for Fireblocks and Fordefi

Executive Summary

Detecting a threat onchain is only half the equation. The harder part, and the part that matters most when something goes wrong, is what happens next.

For teams running institutional operations with Fireblocks or Fordefi, the response to a monitor firing has typically involved manual steps: someone sees an alert, someone else decides what to do, a transaction gets constructed and proposed, and by the time that all happens, the window to act has often closed. The KelpDAO exploit and the Resolv USR stablecoin hack are two recent examples of incidents where the speed of response, or the lack of it, determined how much damage was done. Even teams that found ways to automate responses on their own faced significant operational overhead to make it work.

Today, we're closing that gap. The Call Contract response action in Blockaid Onchain Monitoring now supports automatic transaction proposals directly to Fireblocks and Fordefi, the moment a monitor fires, with no manual intervention required.

What has existed: How Blockaid Monitoring responds to threats

Blockaid's Onchain Monitoring platform gives security and operations teams continuous visibility into their onchain assets, with configurable monitors that fire when activity deviates from expected behavior. This includes balance threshold breaches, unusual function calls, governance actions, or custom conditions defined by the team.

When a monitor fires, teams can already respond in a number of ways. They can receive an alert via email, Slack, or Telegram, push a notification to a webhook, or make an API call to an external service. They can also use the Call Contract response action to have Blockaid automatically invoke a function on a target smart contract, such as pausing a protocol.

For teams using EVM, Call Contract has been a critical tool for turning detection into automated enforcement. The workflow is direct: select a contract from inventory, configure a response wallet, define the function signature and parameters, and Blockaid handles execution when the monitor triggers.

What was missing was the ability to do this through an institutional custody provider, specifically Fireblocks or Fordefi, rather than through their existing custody infrastructure. For teams where all signing flows through their custody setup, this was a meaningful gap.

What's new: Call Contract for Fireblocks and Fordefi

Teams using Blockaid Onchain Monitoring can now configure the Call Contract response action to automatically propose a pre-defined transaction to Fireblocks or Fordefi when a monitor fires.

The flow works through Blockaid's Cosigner integration. When a monitor triggers, Cosigner receives the event and immediately proposes the configured transaction to the relevant custody provider, with no manual step, no middleware service, no delay. Upload a JSON RPC payload directly in the response action configuration, and the proposal happens automatically the moment the condition is detected.

This means teams can now configure fully automated workflows like:

• Automatic protocol pauses: a monitor detects an anomalous mint or ownership transfer, and a pause transaction is immediately proposed to Fireblocks for execution through the TAP policy and Cosigner review flow
• Emergency withdrawals: a balance threshold monitor fires, and a withdrawal from a DeFi position is proposed to Fordefi without anyone needing to manually construct or initiate the transaction
• Automated risk mitigation: any onchain condition that matters to the team can now trigger a specific, pre-configured transaction proposal, going through the institution's existing signing infrastructure and policy controls

For Fireblocks users, the proposal enters the standard TAP approval flow. For Fordefi users, the proposal is submitted through the Blockaid-integrated API user and follows the configured Transaction Policy. In both cases, the institution's existing controls stay in place. Cosigner adds automation without removing the security layer.

For a deeper look at how Cosigner integrates into institutional signing flows, see how FalconX uses Blockaid to eliminate blind signing across its high-velocity trading environment.

Why this matters: From workaround to native capability

The customer demand for this capability surfaced early. Teams operating DeFi strategies, including funds, trading operations, and protocols managing onchain positions, were already finding ways to bridge the gap between Blockaid's monitoring triggers and their Fireblocks or Fordefi signing workflows. In some cases, that meant hosting a custom backend service, exposing a public API endpoint, and chaining together multiple components just to get from a monitor firing to a transaction being proposed.

That approach worked, but it introduced operational overhead, required ongoing maintenance, and depended on infrastructure that teams had to build and host themselves. The question teams were asking was: why does this have to be so complicated?

With this release, it doesn't. The full path from a monitor detecting an onchain condition to a transaction being proposed to the custody provider is now native to the Blockaid platform, configured directly in the response action UI, and auto-proposed to the administrators by Cosigner.

For institutions that have standardized on Fireblocks or Fordefi as their signing infrastructure, this means monitoring-driven automation that works within their existing controls, rather than around them. It's the same principle behind Blockaid's broader Security Modules approach: active enforcement tools that allow teams to intervene directly in live transaction flows, now extended to cover the full monitoring-to-response cycle.

Getting started

To use Call Contract with Fireblocks or Fordefi, you'll need a Cosigner configured for your provider. From there, response action configuration is handled directly in the Onchain Monitoring platform.

• Cosigner →
• Set Up a Fireblocks Cosigner →
• Set Up a Fordefi Cosigner →
• Onchain Monitoring →
• Call Contract Response Action →

About Blockaid

Blockaid is the onchain security platform trusted by the largest companies operating in Web3. Built by veterans of elite intelligence and cybersecurity units, Blockaid provides end-to-end protection for financial institutions, protocols, and end users, combining direct wallet and dApp integrations with real-time monitoring, detection, and response across smart contracts, infrastructure, and externally owned accounts. Since 2025, Blockaid scanned over 6.3 billion transactions and blocked 585 million attacks. Blockaid is the security infrastructure behind Coinbase, MetaMask, Uniswap, Safe, and dozens of the most widely used platforms in the industry.

Learn more at blockaid.io, and follow us on Twitter and LinkedIn.