Self-custody that's not an illusion

Cubist’s non-custodial key manager protects your infrastructure keys with secure hardware, and uses short-lived, revocable privileges to sign transactions and validation messages according to policies you set. No one can see, copy, or steal your secret keys—even if your system gets hacked.

Treat everything as untrusted

We designed the key manager following a single principle: treat everything as untrusted. This means that no one—not even Cubist—can see, copy, or steal secret keys, because all cryptographic code (even signing!) runs in secure hardware. It means that all signatures are guarded by a policy engine to prevent signing that could drain your wallet or get your validator slashed. And it means that the policy engine and cryptographic code—the heart of our key manager—were designed to be formally verified, ensuring the crypto is right and that policies are correctly enforced.

Case study:
Secure key management for Ethereum liquid staking

“Ankr is thrilled to be working with Cubist to enable secure withdrawals of staked ETH for the first time on Ethereum Proof-of-Stake. Our priority is always protecting our customers’ funds. We chose Cubist because their team includes preeminent experts in applied cryptography and systems security. They are uniquely qualified to secure Ankr’s most critical workflows. We believe Cubist’s involvement will make Ankr the most secure choice for Ethereum liquid staking."

-
Stanley Wu, Co-Founder and CTO of Ankr

Security and convenience

One-stop signing shop

Use a single interface to generate different types of cryptographic keys (Secp, BLS, Ed25519, ECDSA) for any chain. Sign deposit transactions, block proposals, withdrawals—and more. Cubist produces every signature inside secure hardware.

Programmable policies

Write code to restrict how your keys are used, or choose from Cubist’s out-of-the-box policies that help you enforce MFA, access control, anti-slashing, and key usage. Stop worrying about double signing or losing funds.

Monitoring and audit trail

Get PagerDuty or Slack alerts about suspicious signing requests and anomalous user activity when your policies or Cubist policies are violated. Securely export activity logs for accounting, compliance, and investigations.

Safe validator migration

Migrate from your existing keystores to secure hardware—directly. Cubist's end-to-end encrypted import protocol keeps your keys secure in transit from your machine to the hardware security module. Even Cubist can't snoop on you.

Seamless upgrades

Upgrade your infrastructure—your validator client, your OS, even your cloud provider—without getting slashed or losing uptime. Cubist provides a remote signing interface that works out of the box with tools like Lighthouse and Prysm.

Secure export protocol

Get the benefits of hardware-backed storage and signing without the vendor lock-in. Cubist's export protocol lets you recover your keys using a quorum of secure hardware tokens to ensure continuity of access under all circumstances.