Stop stressing about keys, deployments, and sweeps.
Say hello to web3’s first secure-by-design dev tools.
Sign safer,
build faster
Focus on products, not permissions
Spend your time on what and let us handle who has access where, when, why, and how.
Securely control your team’s web3 development, testing, deployment, and operations workflows with fine-grained access control and secure, hardware-backed signing.
Cubist takes care of the tricky—and risky—parts of web3 development and infrastructure management.
Secure your dapps
and web3 devops
Our founders include computer security professors from Carnegie Mellon University and UC San Diego and a former Head of Fraud Ops for a high-risk financial product. Our engineering team is filled with computer science PhDs and seasoned security and systems engineers.
We’re experts in
We’re here to help you (safely) build web3’s Next Big Thing.
Do you want to...
The web3 dev tools you’ve been searching for
Streamline your team's workflows with security-focused tools that abstract away low-level, error-prone implementation and infrastructure details.
Key management for validator infrastructure
Non-custodial, hardware-backed design: store keys and sign transactions using secure hardware. Your private keys never leave the tamper-proof environment, so no one—not even Cubist—can see, copy, or steal secrets.
Revocable privileges for remote signing: defend against breaches and insider threats by using short-lived privileges—instead of the keys themselves—to programmatically sign deposit transactions, withdrawals, and block validations. Revoke in an instant.
Custom policies, monitoring, and alerting: set up custom MFA, access control, and key usage policies—or use Cubist's secure defaults, which includes anti-slashing protection for staking and anomaly detection.
The first multi-chain and cross-chain SDK
Multi-chain, multi-language development: develop for EVM and non-EVM chains, and write off-chain code in JavaScript, TypeScript, or Rust.
Automatic cross-chain interaction: write code as if everything runs on a single chain; Cubist turns cross-chain calls into secure bridge code using your choice of bridge provider.
Push-button deployment: deploy to many chains with a single click.
Key management for dev workflows
Security-focused CI/CD: use the key manager standalone or with the Cubist SDK to securely streamline development, testing, deployment, and upgrades. CI shouldn't mean Clunky Integration.
Fine-grained team management: set custom access control rules at the key, role, or team granularity, and allow managers to instantly revoke access to keys if someone leaves the company or switches teams.
Secure cross-team operations: give the ops team temporary, one-off, or attenuated privileges to manage on-chain state. Don't invite the smart contract, security, and ops teams to every meal.
An A+ web3
testing framework
Testnet libraries: instantly spin up private testnets and funded test accounts for many chains. Never wait for a faucet again.
Simulation testing: there are so many good (bad) choices! Simulate terrible latency, time travel to a bad day on mainnet, or run thousands of trials under random conditions.
Automation tools: seamlessly run integration tests on configurable testnets in your CI, powered by the Cubist key manager.
You’re building a new cross-chain application
Write your cross-chain dapp as if it’s single-chain, and Cubist will generate the secure bridge code that lets your smart contracts interact seamlessly. If you want to change bridge providers (or even chains!), Cubist makes it as easy as changing your config and re-deploying your contracts. Use our cross-chain NFT marketplace as a jumping off point.
You’re designing your dapp’s testing pipeline
Your tests are repeatable—from developer to developer or in CI—until you decide to change something. Forget about manually spinning up test environments: with a few lines of configuration, you can go from a localnet to a private testnet, change chains altogether, or simulate a wide range of mainnet conditions. Get inspired by our customizable integration test examples.
You’re running institutional validator nodes
Store your staking and validator keys in secure hardware where no one can get them, and safely automate remote signing using Cubist’s APIs and built-in guardrails for staking deposits, validations, and withdrawals. Set your own policies for multi-factor authentication, access control, and key usage.
You’re managing a team of developers
Create user groups with different privileges, and make developers or services only as powerful as they need to be—without giving them access to sensitive keys. Force key rotation, revoke access to privileges, and proactively monitor for usage anomalies that might indicate a security breach. Start from our team management example.
