Our work secures systems you use every day
Hot wallet speed
+ cold wallet security
Meet CubeSigner, a low-latency API for generating keys and signing transactions inside secure hardware. Stay safe from insider threats, app compromise, and costly mistakes without sacrificing performance.
Built by world-renowned professors and practitioners of applied cryptography, systems security, and formal verification.
Web3’s most security-conscious teams use CubeSigner
Nearly $700 M has been lost in 2023 to private key compromise and access control exploits.
As an industry, we…
Are you surprised that keys get stolen?
in cloud accounts
secure key manager
Protect keys in secure hardware from generation to signing
Give every key a custom security policy
Recover keys directly to cold storage
Cubist consistently provides high-quality, well-documented code built with a security-first design. Their developers actively collaborated with our auditors and promptly provided fixes. It's a pleasure to review code for Cubist projects.
— not security theater
WebAssembly and Back Again: Fine-Grained Sandboxing in Firefox 95
CT-Wasm: Type-Driven Secure Cryptography for the Web Ecosystem
CVE-2019-11745: Out of bounds write in NSS when encrypting with a block cipher
Building a secure key manager is harder than it looks
We build on gold standards, not magic dust
But wait... what about MPC?
What’s the matter with doing crypto in the browser?
tradeoff is over
Instantly support many blockchains
Sign transactions for Bitcoin, Solana, Cardano, EVM chains, and Ethereum’s Beacon chain, or sign raw hashes with Secp256k1, Ed25519, and Stark. To add a new chain, all you do is hit a new endpoint.
Sign in milliseconds
CubeSigner signs messages in tiny fractions of a second at over 99.999% reliability. It can support performance-critical use cases like high-frequency trading, which is impossible if you’re managing keys with MPC.
Vary custody setups
Use CubeSigner to manage your own keys or to manage end-user keys; choose between an end-user model where only your users can initiate transactions, or where your application can initiate transactions on their behalf.
Lock down signing in an emergency
Instead of giving developers, users, or organization members access to raw keys, CubeSigner grants fine-grained, instantly revocable signing sessions. You control who can sign which messages when, and can instantly revoke signing sessions in an emergency.
Monitor and audit your system
Set up alerts for signing requests that violate policies, for suspected signing token compromise, and for on-chain activity that’s inconsistent with CubeSigner logs.
Eliminate complex attack vectors
We use constant-time crypto and physical isolation to protect against side-channel attacks. The policy engine makes it easy for users to wield the least privilege possible, and our scoped sessions make least privilege mandatory.