Getting started
What exactly is FortFi?
FortFi is the execution-time control layer for onchain money: every send, swap, and agent action is checked against policy before it executes. You get vault-grade multisig wallets on every major chain, with trusted recipients, limits, co-sign, and AI that can propose actions but never gets raw keys. Think of it as the governance layer for your digital assets, whether you're an individual, a treasury team, or an AI agent operating on your behalf.
Who is FortFi for?
FortFi is built for people and teams with real money on-chain who need approval workflows, allowlists, and an audit trail before anything moves:
- Treasury teams and operators managing wallet fleets for customers, agents, or internal teams — portal visibility plus MCP/API for backends.
- SMB teams that have outgrown a shared wallet but do not want heavyweight enterprise custody.
- AI builders giving an agent a budget with caps, allowlists, co-sign, and a policy engine that enforces before money moves.
How does FortFi help companies managing many wallets?
FortFi is a wallet control plane: a portal for operators plus MCP/API for backends and agents. Create wallets at scale, tag them with metadata (customer, agent, region), query subsets by tag, and enforce the same spend caps, allowlists, co-sign rules, and audit trail across the fleet. Policy before funds move — whether you operate ten wallets or thousands.
For enterprise fleet pricing and pilots, contact us.
How does FortFi fit with agent payment platforms?
Agent payment and commerce platforms often own onboarding, identity, merchant acceptance, and agent workflows. FortFi is the wallet operations and permissioning layer underneath: secure wallet fleets, policy before execution, co-sign, and audit. Agents create intents; FortFi enforces caps and rules before funds move. We complement agent-payment rails — we do not replace them.
How is it different from Coinbase, MetaMask, or Ledger?
Every common alternative has a structural flaw that can end with a drained account. FortFi was built specifically to close each one.
- Coinbase and exchanges are custodial. They hold your private keys, not you. If the exchange is hacked, goes insolvent, or freezes your account, you have no recourse. Not your keys, not your coins.
- MetaMask and browser wallets are a browser plugin with your seed phrase stored locally, exposed to every site you visit. Blind signing, phishing, and malicious approvals are trivially easy.
- MPC consumer wallets fix lost seed phrases but optimize for custody UX, not authorization. Removing the seed phrase fixes onboarding, not who can move money, how much, and who must approve — including agents at 2am.
- Hardware wallets (Ledger, Trezor) are better than a browser wallet, but still depend on a single seed phrase with no approval policies, limits, or co-signers.
FortFi is self-custody (you always own the keys), but replaces the seed phrase model with passkeys, the same technology used by Apple, Google, and major banks. Your private key lives in a secure hardware enclave on your device and is never exposed as a string of words. Then FortFi adds the layer that no other wallet offers: multisig requiring your passkey plus FortFi's co-signer for every transaction, allowlisted recipients, per-transaction limits, and a full audit trail. The largest institutions in the world don't move large sums with a single signature. They require multiple approvers. FortFi brings that model to individual crypto holders. No seed phrase to steal, no browser plugin to exploit, no single compromised key that can drain your balance.
How is FortFi different from Safe or Fireblocks?
Those are the two tools crypto teams usually land on, and FortFi sits between them on purpose.
- Safe is the free, default multisig. It gives you the smart-contract vault, then leaves the rest to you. Setup and ongoing ops — owners, modules, guards, signer rotation, multichain — scale with your team. Approvals often scatter across chat. There is no first-class layer for AI agents. A great primitive, but you assemble and maintain the product around it.
- Fireblocks is the enterprise fortress. It's powerful, but it starts around $18K a year, takes real work to operate, and is built for institutions with a procurement team.
FortFi gives you self-custody like Safe and governance discipline like Fireblocks, in one account that is simple to run: passkey sign-in in minutes, multichain out of the box, allowlisted recipients, configurable co-signer approvals, fiat on/off-ramp, and a unified audit trail. It is the only one of the three where the same policy engine governs your team and your AI agents — with a visual UI for agent activity. No contracts to deploy, no enterprise contract to sign.
Is this just another agent wallet?
No. Agent wallets solve access. FortFi solves control. The gap in agent finance is not intelligence. It is permissioning, limits, and accountability before real money moves. FortFi policy engine and co-sign make delegation explicit: who can move what, how much, to whom, and who has to approve it.
What is authorization drift?
Authorization drift is when someone approves once and an agent acts later under a permission nobody revisits. The original yes still feels valid, but the context has changed. FortFi brings approval back at payment time through the policy engine: caps, allowlisted recipients, and co-sign when stakes rise.
What is execution-time authorization?
Execution-time authorization means FortFi does not only ask who has access. It asks whether this specific action is allowed right now: amount, recipient, asset, chain, actor, approval state, and policy. That matters for agents because a human may approve a budget once, but the agent acts later.
Security vs authority — what is the difference?
Identity proves who. Policy decides whether. Audit proves what happened. Most wallets stop at access. FortFi is built for authority: policy engine checks, co-sign, and an immutable audit trail before money moves.
How does FortFi reduce wallet-drain risk?
FortFi does not assume you will catch every bad link, fake repo, malicious frontend, or confusing signature. "Be careful" is not a security model. FortFi reduces blast radius: no seed phrase, trusted recipients only, limits before every move, and co-sign for higher-risk actions.
What happens when an agent gets something wrong?
That is the whole point of the control layer. Agents operate inside caps and allowlists. Large or unusual moves require co-sign. Every action is logged. FortFi is built for graceful degradation: the agent can be wrong without draining the treasury.
How is FortFi different from institutional agentic banking?
Large institutions often need regulated execution rails and settlement. FortFi focuses on the control layer teams, founders, and high-net-worth individuals need today: passkey vault, policy engine, co-sign, mobile approval, and MCP for agents. Live in minutes, not a six-month integration.
What happens if FortFi shuts down?
Your funds are on public blockchains and your signing keys are in Turnkey's TEE infrastructure, not in FortFi's custody. If FortFi disappeared, you could still export your keys from Turnkey directly and recover your wallets. Self-custody means the assets are always yours. FortFi adds governance, not control. See our continuity runbook for step-by-step recovery.
Why does funding ask for identity verification?
Identity verification (KYC) is required by FortFi's funding partners (Coinbase, Transak) to comply with financial regulations when enabling fiat deposits or crypto purchases. FortFi never sees or stores your ID documents; that process is handled entirely by the funding provider. Availability also varies by region; Coinbase and Transak determine which payment methods and countries are supported.
What is FortFi?
A secure on-chain account and execution-time control layer: vault-grade multisig wallets on public chains, with policy checks, trusted recipients, fund in and cash out on supported chains, swaps, cross-chain bridges, and AI assist. Every payment is an ActionIntent: policy check, disclosed fees, your confirmation, execution, immutable audit trail. Hold USDC or route assets across Base, Ethereum, Solana, BNB Chain, and Hyperliquid under the same security model.
See also our security model.
Vault first: holding is the product
FortFi accounts are vaults, not hot wallets. Signing keys live in TEE enclaves via Turnkey, never exposed as seed phrases in the UI. You can park assets safely on Base, Ethereum, Solana, BNB Chain, Hyperliquid, Avalanche, Arbitrum, Optimism, and Polygon, and more.
Want true multisig? Add one or more co-signers with configurable approval thresholds to your accounts, and to your agents. It is multisig as a service, with no contracts to deploy. If you lose a device, a backup passkey restores access, so there is no seed phrase to lose and no single point of failure.
Fund in and cash out, without the tab circus
You should not need a CEX tab, a bridge tab, and a wallet tab just to get USDC on the chain you actually use. On supported chains, tap Fund on any vault account. Coinbase Hosted Onramp opens in a secure flow: pull from your Coinbase balance (crypto you already hold, cash on Coinbase, or linked bank where available), or buy with debit card or Apple Pay when those rails are offered for your region. FortFi never holds your fiat. Settlement lands in your vault on that chain.
When you are ready to exit, Cash out sends you through Coinbase Offramp: bank transfer (ACH), PayPal, or back to your Coinbase balance where available. Same partner discipline as funding. Availability, limits, KYC, and fees follow Coinbase and your region, not FortFi.
See Legal → Funding and Legal → Cash out for the full disclaimer.
Move & trade under one security model
Send any supported asset to allowlisted recipients. Same-chain swaps via CoW (including limit orders, slippage controls, and GTC). Cross-chain via 1inch Fusion+ and deBridge, including routes to Hyperliquid and other networks that most wallets do not offer natively. Swaps and bridges use the same review-and-sign discipline as sends.
Long-tail tokens show up in search. Verified labels mark assets with stronger market-data signals; unverified picks require an explicit acknowledgment before you can quote, so you cannot accidentally swap into a look-alike scam without seeing it.
AI chat and voice: it works for you, never holds your keys
FortFi Assist can check balances, token holdings, and portfolio PnL; draft sends, swaps, and bridges; and help open accounts on supported chains via chat or voice. It creates intents only. Policies must pass and you approve with your passkey before anything settles.
Can AI agents use FortFi? (Permissioning before agents touch money)
Yes, and this is what makes FortFi different. Most wallets give agents a private key. FortFi gives agents budgets, allowlists, and approval thresholds inside your vault. MCP gives agents reach. FortFi gives them limits. Through MCP, an autonomous agent can manage a secure portfolio across major chains: read balances, holdings, and PnL; send to trusted recipients only; swap same-chain and cross-chain; and manage co-signers. Agents authenticate with scoped API keys and pay for access over x402. They never touch your signing keys.
Every agent action runs through the policy engine you set before execution: allowlists, per-transaction and daily limits, and co-signer thresholds. An agent cannot loosen a rule without a fresh signature from your funding wallet. A stolen API key can spend within your budget at worst, never rewrite the rules or drain the vault. You delegate execution without delegating control.
If an agent makes a confident but wrong call, FortFi is built for graceful degradation: caps, allowlists, co-sign on large moves, and a full audit trail. The agent can be wrong without draining the treasury.
See the REST API docs (Swagger UI) for human integrations, or /agents for MCP + x402. Read the security model for how agent governance and signatures work.
How is FortFi like a modern money app, but on-chain?
| Traditional money app | FortFi |
|---|---|
| One login, many accounts | Passkey → vaults on every major chain |
| Add money / withdraw to bank | Fund from Coinbase balance, card, or Apple Pay · cash out via ACH (Coinbase Offramp) |
| Move money between accounts | Send + swap + cross-chain bridge |
| Fraud alerts / limits | Policy engine + intents + co-signers |
| Support chat / mobile app | AI chat + voice: balance, send, swap proposals |
| Institutional trust (FDIC, etc.) | TEE enclaves + multisig + audit (self-custody trust) |
FortFi is not a bank or licensed money transmitter. Not FDIC insured. Alpha software; see Terms.
Why not stick with traditional finance?
Custodial money apps optimize for reconciliation inside closed systems, not programmable money on open networks: slow globally, expensive cross-border, permissioned at every hop. On-chain assets invert settlement when you tame keys, phishing, and policy leakage. FortFi keeps those advantages with deterministic controls and audited intents.
Custody & signing
No seed phrases in the UX. Signing material runs in hardened TEE infrastructure via Turnkey; keys do not live on ordinary app servers used for browsing.
Dual authorization (new wallets): your passkey plus FortFi's co-signer after policy checks (allowlist, limits, cooling-off on new recipients). A stolen passkey alone cannot complete a payout FortFi refuses; FortFi cannot move funds without your device approval.
Fees
You always see network (gas) and protocol fees before you sign a swap or bridge. FortFi can sponsor network fees via Turnkey on Base, BNB Chain, Ethereum, Polygon, Arbitrum, Gnosis, and Solana mainnet so your first sends and swaps are not blocked for lack of native ETH, BNB, xDAI, or SOL. Sponsorship is a convenience perk during alpha; availability may vary by network and account.
During private alpha, FortFi platform fees on swaps are 0 bps unless otherwise disclosed at quote time. When enabled, integrator fees are embedded in the swap route. They do not require a separate passkey signature beyond your normal swap confirmation; they are shown in the review step for transparency.
What's live vs coming next
Live in private alpha
- Vault accounts on major chains with passkey login, no seed phrase to expose
- Unified balances, accounts, and token holdings across chains (Explore)
- Fund from Coinbase, card, or Apple Pay; cash out to bank or PayPal where Coinbase supports your region
- Send only to allowlisted recipients, with limits and review before money moves
- Same-chain swaps and cross-chain bridges in-app, with unverified tokens flagged before you trade
- Yield on Morpho vaults (USDC/USDT) on Base, Ethereum, Arbitrum, Polygon, Optimism, and Hyperliquid, same policy engine as sends
- Sponsored gas on Base, Ethereum, Polygon, Arbitrum, Gnosis, and Solana (via Turnkey; availability may vary)
- Human co-signers and configurable approval thresholds on your accounts
- Backup passkey recovery if you lose a device, not a seed phrase
- FortFi Assist by chat (and voice when enabled on your deployment)
- Developer MCP for passkey accounts; autonomous agents via x402 onboarding, and you approve every move
- Immutable audit trail on security events and money actions
- Spend tab (Gnosis Pay virtual cards): early-access beta; partner onboarding and KYC required
Coming next
- Native trading: Perps and deeper flows on Hyperliquid and other supported networks, same vault security, richer markets (Trading tab preview in app).
- Prediction markets: Polymarket and similar venues inside FortFi, same vault and policy, without connecting a hot wallet to third-party sites.
- Business & team accounts: Shared treasuries, role-based seats, and multi-approver workflows built on the co-signer controls you already have.
Multichain
Balances are partitioned per account and chain. Controls apply per wallet. Supported today:
- base-mainnet
- solana-mainnet
- hyperliquid-mainnet
- ethereum-mainnet
- polygon-mainnet
- bnb-mainnet
- avalanche-mainnet
- megaeth-mainnet
- optimism-mainnet
- arbitrum-mainnet
- gnosis-mainnet
Security first
- Passkeys: device-bound cryptography, not reused passwords from leaked databases.
- Allowlisted recipients: wire-style beneficiary controls, enforced before payouts route.
- Intent pipeline: no silent transfers; review, log, then execute.
- Dual authorization: passkey + FortFi co-approval on signing for new wallets.
- Ledger + audit trail: material state changes recorded together.
- Session timeout: automatic sign-out after inactivity, like a banking app. See Security.
How does alpha access work?
Join the waitlist on the home page. We review submissions and invite in small cohorts. If approved, you receive an email with a private alpha code to unlock passkey sign-in.
That invite arrives from [email protected] (automated, no reply inbox). If it lands in spam, mark it as not spam once so future FortFi mail routes correctly.
Plans & billing
FortFi sells subscription software (monthly USD plans billed through Stripe after sign-in). We are not a bank, exchange, or money transmitter. Subscriptions pay for platform access, usage limits, and support, not for moving your crypto.
Full plan details: /pricing. Autonomous agents (x402, USDC on Base): /agents.
Contact & email from FortFi
FortFi LLC operates FortFi. Questions, alpha issues, or security concerns: [email protected]. A human on the FortFi team reads that inbox.
Official support for FortFi LLC is [email protected]. Automated FortFi messages (alpha invites, co-signer alerts, security notices) are sent from [email protected] only. We never ask for your passkey, seed phrase, or transfer codes by email.