Our work secures systems you use every day
Hot wallet speed + cold wallet security
Meet CubeSigner, a low-latency API for generating keys and signing transactions inside secure hardware. Stay safe from insider threats, app compromise, and costly mistakes without sacrificing performance.
Built by world-renowned professors and practitioners of applied cryptography, systems security, and formal verification.
Web3’s most security-conscious teams use CubeSigner
Nearly $700 M has been lost in 2023 to private key compromise and access control exploits.
As an industry, we…
Are you surprised that keys get stolen?
We're not.
in cloud accounts
in memory
Introducing CubeSigner, a refreshingly secure key manager
Protect keys in secure hardware from generation to signing
Give every key a custom security policy
Recover keys directly to cold storage
Cubist consistently provides high-quality, well-documented code built with a security-first design. Their developers actively collaborated with our auditors and promptly provided fixes. It's a pleasure to review code for Cubist projects.
Security — not security theater
Building a secure key manager is harder than it looks
We build on gold standards, not magic dust
But wait... what about MPC?
What’s the matter with doing crypto in the browser?
The security/convenience tradeoff is over
Instantly support many blockchains
Sign transactions for Bitcoin, Solana, Cardano, EVM chains, and Ethereum’s Beacon chain, or sign raw hashes with Secp256k1, Ed25519, and Stark. To add a new chain, all you do is hit a new endpoint.
Sign in milliseconds
CubeSigner signs messages in tiny fractions of a second at over 99.999% reliability. It can support performance-critical use cases like high-frequency trading, which is impossible if you’re managing keys with MPC.
Vary custody setups
Use CubeSigner to manage your own keys or to manage end-user keys; choose between an end-user model where only your users can initiate transactions, or where your application can initiate transactions on their behalf.
Lock down signing in an emergency
Instead of giving developers, users, or organization members access to raw keys, CubeSigner grants fine-grained, instantly revocable signing sessions. You control who can sign which messages when, and can instantly revoke signing sessions in an emergency.
Monitor and audit your system
Set up alerts for signing requests that violate policies, for suspected signing token compromise, and for on-chain activity that’s inconsistent with CubeSigner logs.
Eliminate complex attack vectors
We use constant-time crypto and physical isolation to protect against side-channel attacks. The policy engine makes it easy for users to wield the least privilege possible, and our scoped sessions make least privilege mandatory.
CubeSigner powers awesome applications
Staking
Protect your validators from insider threats, slashing, front-running, and catastrophic mistakes, with endpoints for Ethereum staking, unstaking, and validator signing via a Web3Signer-compatible interface.
Consumer Wallets
Create safe, frictionless wallet experiences without seed phrases or other web3-native complexity. Use primitives for social login, two-factor authentication, multi-factor approval, key recovery, and transaction monitoring to customize each user’s wallet security as their risk profile changes.
Gaming
Programmatically create seedless wallet experiences, mint NFTs, and sign transactions across different chains in small fractions of a second—without interrupting the flow of the game.
Restaking
Protect your validators as they secure new and different chains. CubeSigner’s anti-slashing policies are flexible enough to prevent slashing across different protocols with unique slashing conditions.
Trading
Automate low-latency trading with the CubeSigner API, and define custom, per-key safety policies to protect assets in different accounts. Specify, for example, that a key can transact with a DEX only for a restricted set of tokens, or with a specified set of wallet addresses up to a certain transaction value.
Custody
Quickly support any chain, and customize secure self-custody for all of them: set safety policies on individual keys and respond to threats in real-time by instantly revoking signing privileges.