Our craft, written down

Cubist's team is on the cutting edges of cryptography, zero-knowledge proofs, systems security, formal verification, and more. Our academic background means that we're obsessed with sharing what we know—clearly and correctly.

Latest posts

Cubist + Really and the future of movie fan engagement

Cubist + Really and the future of movie fan engagement

Our newest partner, Really, is re-imagining moviegoing. Really wallets, powered by CubeSigner, allow movie fans to use NFTs access exclusive rewards, content, and events.

December 21, 2023
Introducing the Secure Staking Alliance

Introducing the Secure Staking Alliance

Cubist is excited to announce the Secure Staking Alliance, a new cross-industry partnership with the mission of making staking—from traditional staging to liquid staking and restaking—more secure.

November 9, 2023
Cubist launches millisecond-latency Wallet-as-a-Service

Cubist launches millisecond-latency Wallet-as-a-Service

CubeSigner is the first WaaS with the speed, convenience, and security to support everything from loyalty programs to market makers.

November 1, 2023
Threat modeling for web3 key management

Threat modeling for web3 key management

Here, we ask: What kind of attacker could extract private keys from a given key management setup? There is a reason we didn't take the YOLO approach (signing in the browser) or the marketing-driven approach (MPC).

November 1, 2023
MPC does have a single point of failure

MPC does have a single point of failure

Our team has deep academic experience with MPC, which is why we understand its practical limitations: it doesn't give the security guarantees you think it does.

November 1, 2023
Why you should NEVER handle private keys in the browser

Why you should NEVER handle private keys in the browser

Writing secure cryptographic code in JavaScript is basically impossible, so it’s safe to assume that browser-based wallets are…unsafe.

November 1, 2023
Cubist & Babylon partner on anti-slashing for Bitcoin stakers

Cubist & Babylon partner on anti-slashing for Bitcoin stakers

We're excited to announce our partnership with Babylon to make Bitcoin staking—and restaking!—safe by design.

October 19, 2023
Cubist & EigenLabs anti-slasher collaboration

Cubist & EigenLabs anti-slasher collaboration

Cubist is excited to announce a new partnership: we are working with EigenLabs to build anti-slashers that will help honest operators avoid getting slashed on EigenLayer.

September 19, 2023
Hardware-backed signing for MetaMask developers

Hardware-backed signing for MetaMask developers

Our Snap lets Snap- or dapp-developers use CubeSigner, our hardware-backed key management system, to safely sign transactions on behalf of their MetaMask users.

September 12, 2023
Intel SGX is broken (again)

Intel SGX is broken (again)

Last week, security researcher Daniel Moghimi publicly announced the new Downfall attack that can steal private keys from Intel SGX hardware. In this post, we review the SGX architecture and discuss its underlying security problems. Then, we describe the process we used for evaluating which secure hardware to use in our key manager.

August 15, 2023
Your validator can get slashed even if you do everything by the book

Your validator can get slashed even if you do everything by the book

This blog post outlines a handful of accidental slashing scenarios, and explains how you can protect yourself and your validators—even if something goes wrong.

July 6, 2023
Passkeys for secure web3 workflows

Passkeys for secure web3 workflows

Passkeys are fundamentally changing how we authenticate on the web. They can fundamentally improve the security of web3 tools too.

May 18, 2023
Understanding the security of web3 remote signing

Understanding the security of web3 remote signing

The signing code that uses secret keys should not be able to talk to the network or filesystem, and your logging library should definitely not be in your trusted computing base.

May 1, 2023
You're likely not securing your staking keys properly

You're likely not securing your staking keys properly

We review the challenges infrastructure teams face when trying to secure staking keys and why we've been working on a hardware-backed key manager.

April 19, 2023
Cubist launches key management platform

Cubist launches key management platform

We're excited to launch a non-custodial key management platform designed to help infrastructure engineering teams secure and programmatically manage their secret keys.

April 18, 2023
web3.js vs ethers.js

web3.js vs ethers.js

In this post, we explain why we ultimately prefer ethers.js—after outlining the anatomy of Ethereum transactions, the JSON-RPC API, and why JavaScript libraries are helpful to begin with.

April 5, 2023
Cubist raises $7M seed round

Cubist raises $7M seed round

The round was led by Polychain Capital, with participation from venture capital and strategic investors including dao5, Amplify Partners, Polygon, Blizzard, Axelar, and more.

March 8, 2023
Announcing our Cross-Chain SDK

Announcing our Cross-Chain SDK

The alpha version of the Cross-Chain SDK is now available for early access. The Cross-Chain SDK is the first SDK designed for multi-chain/cross-chain development. Switch chains by editing one line of configuration!

January 18, 2023
The cross-chain status quo

The cross-chain status quo

We walk through the cross-chain development status quo with code examples for multiple blockchains and bridge providers. This post covers writing cross-chain smart contracts.

January 12, 2023
Why we’re building Cubist

Why we’re building Cubist

The future of Web3 is applications, not speculation. That's why we're building Cubist: to let developers create the future of Web3 safely and productively—without repeatedly reinventing the wheel.

January 10, 2023