Cubist is excited to announce the Secure Staking Alliance, a new cross-industry partnership with the mission of making staking—from traditional staging to liquid staking and restaking—more secure.

Here, we ask: What kind of attacker could extract private keys from a given key management setup? There is a reason we didn't take the YOLO approach (signing in the browser) or the marketing-driven approach (MPC).

Our team has deep academic experience with MPC, which is why we understand its practical limitations: it doesn't give the security guarantees you think it does.

Writing secure cryptographic code in JavaScript is basically impossible, so it’s safe to assume that browser-based wallets are…unsafe.

We're excited to announce our partnership with Babylon to make Bitcoin staking—and restaking!—safe by design.

Cubist is excited to announce a new partnership: we are working with EigenLabs to build anti-slashers that will help honest operators avoid getting slashed on EigenLayer.

Our Snap lets Snap- or dapp-developers use CubeSigner, our hardware-backed key management system, to safely sign transactions on behalf of their MetaMask users.

Last week, security researcher Daniel Moghimi publicly announced the new Downfall attack that can steal private keys from Intel SGX hardware. In this post, we review the SGX architecture and discuss its underlying security problems. Then, we describe the process we used for evaluating which secure hardware to use in our key manager.

This blog post outlines a handful of accidental slashing scenarios, and explains how you can protect yourself and your validators—even if something goes wrong.

Passkeys are fundamentally changing how we authenticate on the web. They can fundamentally improve the security of web3 tools too.

The signing code that uses secret keys should not be able to talk to the network or filesystem, and your logging library should definitely not be in your trusted computing base.

We review the challenges infrastructure teams face when trying to secure staking keys and why we've been working on a hardware-backed key manager.

We're excited to launch a non-custodial key management platform designed to help infrastructure engineering teams secure and programmatically manage their secret keys.

In this post, we explain why we ultimately prefer ethers.js—after outlining the anatomy of Ethereum transactions, the JSON-RPC API, and why JavaScript libraries are helpful to begin with.

The round was led by Polychain Capital, with participation from venture capital and strategic investors including dao5, Amplify Partners, Polygon, Blizzard, Axelar, and more.

The alpha version of the Cross-Chain SDK is now available for early access. The Cross-Chain SDK is the first SDK designed for multi-chain/cross-chain development. Switch chains by editing one line of configuration!

We walk through the cross-chain development status quo with code examples for multiple blockchains and bridge providers. This post covers writing cross-chain smart contracts.

The future of Web3 is applications, not speculation. That's why we're building Cubist: to let developers create the future of Web3 safely and productively—without repeatedly reinventing the wheel.