Self-custody that's not an illusion
Cubist’s non-custodial key manager protects your infrastructure keys with secure hardware, and uses short-lived, revocable privileges to sign transactions and validation messages according to policies you set. No one can see, copy, or steal your secret keys—even if your system gets hacked.
Treat everything as untrusted
Secure key management for Ethereum liquid staking
“Ankr is thrilled to be working with Cubist to enable secure withdrawals of staked ETH for the first time on Ethereum Proof-of-Stake. Our priority is always protecting our customers’ funds. We chose Cubist because their team includes preeminent experts in applied cryptography and systems security. They are uniquely qualified to secure Ankr’s most critical workflows. We believe Cubist’s involvement will make Ankr the most secure choice for Ethereum liquid staking."
- Stanley Wu, Co-Founder and CTO of Ankr
Security and convenience
One-stop signing shop
Use a single interface to generate different types of cryptographic keys (Secp, BLS, Ed25519, ECDSA) for any chain. Sign deposit transactions, block proposals, withdrawals—and more. Cubist produces every signature inside secure hardware.
Write code to restrict how your keys are used, or choose from Cubist’s out-of-the-box policies that help you enforce MFA, access control, anti-slashing, and key usage. Stop worrying about double signing or losing funds.
Monitoring and audit trail
Get PagerDuty or Slack alerts about suspicious signing requests and anomalous user activity when your policies or Cubist policies are violated. Securely export activity logs for accounting, compliance, and investigations.
Safe validator migration
Migrate from your existing keystores to secure hardware—directly. Cubist's end-to-end encrypted import protocol keeps your keys secure in transit from your machine to the hardware security module. Even Cubist can't snoop on you.
Upgrade your infrastructure—your validator client, your OS, even your cloud provider—without getting slashed or losing uptime. Cubist provides a remote signing interface that works out of the box with tools like Lighthouse and Prysm.
Secure export protocol
Get the benefits of hardware-backed storage and signing without the vendor lock-in. Cubist's export protocol lets you recover your keys using a quorum of secure hardware tokens to ensure continuity of access under all circumstances.