We introduce Blade, a new approach to automatically and efficiently eliminate speculative leaks from cryptographic code. Blade is built on the insight that to stop leaks via speculative execution, it suffices to \emph{cut} the dataflow from expressions that speculatively introduce secrets (\emph{sources}) to those that leak them through the cache (\emph{sinks}), rather than prohibit speculation altogether. We formalize this insight in a \emph{static type sytem} that (1) types each expression as either \emph{transient}, i.e., possibly containing speculative secrets or as being \emph{stable}, and (2) prohibits speculative leaks by requiring that all \emph{sink} expressions are stable. Blade relies on a new new abstract primitive, protect, to halt speculation at fine granularity. We formalize and implement protect using existing architectural mechanisms, and show how Blade type system can automatically synthesize a \emph{minimal} number of protects to provably eliminate speculative leaks. We implement Blade in the Cranelift WebAssembly compiler and evaluate our approach by repairing several verified, yet vulnerable WebAssembly implementations of cryptographic primitives. We find that Blade can fix existing programs that leak via speculation \emph{automatically}, without user intervention, and \emph{efficiently}, imposing less than 20% overhead even when using fences to implement protect.