Cosigner: The Onchain Security Layer Your Multisig Is Missing

Some of the largest exploits in crypto had one thing in common: blind signing.
The Bybit breach in February 2025? Over $1.5 billion lost due to a compromised frontend that manipulated transaction details.
WazirX? Compromised keys and blind-signed transactions drained $235 million.
Radiant Capital? A spoofed browser extension tricked users into signing transactions that handed control to attackers.
These weren’t failures of code. They were failures of visibility: signers couldn’t see what they were approving. That’s what makes blind signing so dangerous.
The problem: blind signing creates a dangerous gap between intent and execution
Blind signing is when a transaction is approved without the signer seeing or understanding what it actually does.
This usually happens when:
- The UI displays misleading transaction data (this can happen if the frontend has been compromised)
- The signer doesn’t have the technical ability to decode raw calldata
- A wallet or extension is spoofed to hide malicious logic
- The transaction uses a novel approval mechanism that bypasses traditional heuristics
- An internal actor (malicious or simply negligent) pushes a transaction without proper scrutiny
What makes this problem so pervasive is that it exploits human trust in interfaces. Even if your transaction appears benign, the data being signed could upgrade a contract, reassign ownership, or drain a treasury.
In most cases, by the time a signature is issued, there’s no going back. That signature is the last and only line of defense. And when humans are the last line of defense, that line needs to be bulletproof.
This is why we built Cosigner.
Introducing Cosigner: a policy-enforcing, security-aware signer
Blockaid Cosigner is an onchain security layer that integrates directly into your multisig wallet. It acts as an additional, automated signer - one that only approves transactions after they’ve passed a real-time security validation powered by Blockaid’s threat engine and your organization’s custom policies.
Cosigner works alongside your existing human signers, but unlike them, it doesn’t rely on what the frontend displays. It inspects the raw transaction data, simulates its execution, and verifies exactly what will happen before a signature is applied.

Cosigner functions as a fully native signer within a multisig wallet. It requires no custom wallet software or offchain execution environment and can be configured to be either optional or mandatory in your signing policy. Here’s how it operates:
- A transaction is submitted to your multisig wallet.
- Cosigner receives the transaction and simulates its execution offchain using Blockaid’s real-time validation engine.
- Blockaid evaluates the transaction through multiple layers of analysis:
  - Static and dynamic code analysis to evaluate smart contract behavior
  - Behavioral simulation to detect malicious intent
  - Heuristic and pattern recognition based on Blockaid’s threat intelligence network
  - Custom rule sets tailored to your org’s specific risk profile and operational policies
- If the transaction is safe, Cosigner adds its signature. Since it acts as one signer in the multisig, approval still requires quorum from the rest of the designated signers.
- If the transaction is malicious or does not meet your organizational policies, Cosigner blocks execution by withholding its signature. Approval can only continue if an authorized override signer manually intervenes.
This setup introduces a trustless enforcement mechanism that:
- Operates independently from human signers
- Detects any malicious behavior, not just known threats
- Maintains your team’s control while enforcing strong transaction hygiene
In essence, Cosigner gives organizations the ability to programmatically enforce transaction security policies - without slowing down workflows or compromising operational flexibility.
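A simplified sketch of the "inspect the raw transaction data" step, added here as an illustration; it is not Blockaid's engine or code from the original article. The policy shape, the function names and the sample addresses are assumptions, and it performs only static selector and argument checks, with no simulation.

```python
from dataclasses import dataclass

# Well-known 4-byte selectors whose effect a misleading UI can hide.
PRIVILEGED = {
    "095ea7b3": "approve(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
    "f2fde38b": "transferOwnership(address)",
    "3659cfe6": "upgradeTo(address)",
    "4f1ef286": "upgradeToAndCall(address,bytes)",
}
TRANSFER = "a9059cbb"  # transfer(address,uint256)

@dataclass
class Policy:                # hypothetical policy shape, not a Blockaid format
    known_targets: set       # contracts the organization expects to call
    known_recipients: set    # allowlisted token-transfer destinations
    max_token_amount: int    # per-transaction cap, in token base units

def evaluate(to, data_hex, operation, policy):
    """Return (sign, reasons) using only the raw fields, nothing from a UI."""
    reasons = []
    data = data_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    selector, args = data[:8], data[8:]
    if operation == 1:       # Safe operation 1 = DELEGATECALL
        reasons.append("delegatecall from the wallet")
    if to.lower() not in policy.known_targets:
        reasons.append("unknown contract " + to.lower())
    if selector in PRIVILEGED:
        reasons.append("privileged call " + PRIVILEGED[selector])
    if selector == TRANSFER:
        if len(args) < 128:  # needs two 32-byte ABI words
            reasons.append("malformed transfer calldata")
        else:
            recipient = "0x" + args[24:64]   # low 20 bytes of word 0
            amount = int(args[64:128], 16)
            if recipient not in policy.known_recipients:
                reasons.append("transfer to unlisted recipient " + recipient)
            if amount > policy.max_token_amount:
                reasons.append(f"amount {amount} exceeds cap")
    return (not reasons, reasons)

# Constructed sample values (not real addresses or a real policy).
TOKEN, OPS_WALLET = "0x" + "11" * 20, "0x" + "22" * 20
POLICY = Policy({TOKEN}, {OPS_WALLET}, 1_000_000)

def calldata(selector, *words):
    """Build sample calldata: selector plus 32-byte big-endian words."""
    return "0x" + selector + "".join(f"{w:064x}" for w in words)
```

Calling `evaluate(TOKEN, calldata("f2fde38b", 0x33), 0, POLICY)` withholds the signature with the reason `privileged call transferOwnership(address)`, regardless of how a frontend labelled the transaction.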
How Cosigner works under the hood
While Cosigner appears as a single signer in your multisig wallet, it’s implemented as its own Safe-compatible wallet with a 1-of-2 threshold configuration. Internally, the Cosigner Safe has two signers:
- Blockaid Signer: Managed by Blockaid. It signs only after a transaction is validated through simulation and threat analysis.
- Override Signer: Managed by the organization. It allows manual approvals for transactions flagged by Cosigner, maintaining operational flexibility.

This separation of control ensures that:
- Blockaid cannot sign unvalidated transactions.
- The organization cannot bypass Cosigner without explicitly using the override path.
- Neither party has unilateral control over execution.
This design eliminates the single point of failure common in other security tools.
What Cosigner protects against
Cosigner provides a hard enforcement layer for the exact risks that standard multisig setups can’t catch:
| Threat | How Cosigner mitigates it |
| --- | --- |
| Blind signing | Simulates the transaction to see its true effects before signing. |
| Compromised UIs | Ignores what the frontend shows and evaluates the raw calldata. |
| Compromised signers | Blocks execution unless the transaction passes validation. |
| Insider threat | Prevents malicious or negligent actions from internal signers by enforcing policy-level checks. |
Importantly, Cosigner operates entirely within the onchain model. There’s no proprietary execution environment or offchain dependency for enforcement.
Transactions can only be approved if they’re both valid and explicitly allowed by policy.
Why organizations are deploying Cosigner
For security teams, the priority is enforcement. For operations, it's continuity and speed. Cosigner was built to satisfy both - delivering strict policy-level protection without slowing down workflows.
Here’s why protocols, fintechs, exchanges, asset managers, treasuries, custodians, and DAOs that manage high-value assets are adopting Cosigner:
Seamless integration with existing wallet infrastructure
Cosigner plugs directly into standard multisig setups like Safe, Fireblocks and Squads. It behaves just like any other signer - no new tools to learn, no new transaction formats, and no custom infrastructure required.
Minimal disruption to legitimate workflows
Security shouldn’t slow teams down. Cosigner evaluates transactions in milliseconds, approving safe actions automatically. Teams can continue submitting and approving transactions as they always have - Cosigner only intervenes when a threat is detected.
Customizable security rules based on your needs
Every organization operates differently. Cosigner allows you to define your own security and compliance policies - such as requiring additional scrutiny for treasury transfers, unknown contracts, or high-value transactions. These rules are enforced automatically, on every transaction.
Continuous protection as threats evolve
Cosigner is powered by Blockaid’s real-time detection engine, which constantly ingests new threat intelligence across chains and ecosystems. As attackers adapt, so does your protection - without any manual updates or rule tuning required.
Security at the execution layer is no longer optional
The reality is that most onchain attacks today succeed not because security tools failed, but because they were never in the right place to begin with.

Cosigner brings enforcement to where it matters most: the signature.
It’s not just about preventing hacks. It’s about creating a system where malicious transactions simply cannot be executed, even if all human signers are compromised.
As threat actors grow more sophisticated and continue to target treasuries and signers, Cosigner isn’t just helpful - it’s a necessary final safeguard standing between critical assets and catastrophic loss.