Lock down your staking workflows

Cubist’s non-custodial key manager protects your staking keys with secure hardware, and uses short-lived, revocable privileges to sign transactions and validation messages according to policies you set. No one can see, copy, or steal your secret keys (or get you slashed!)—even if your system gets hacked.

Secure your validators

Treat everything as untrusted

We designed the key manager following a single principle: treat everything as untrusted. This means that no one—not even Cubist—can see, copy, or steal secret keys, because all cryptographic code (even signing!) runs in secure hardware. It means that all signatures are guarded by a policy engine to prevent signing that could drain your wallet or get your validator slashed. And it means that the policy engine and cryptographic code—the heart of our key manager—were designed to be formally verified, ensuring the crypto is right and that policies are correctly enforced.

Case study:
Secure key management for Ethereum liquid staking

Read the case study

“Ankr is thrilled to be working with Cubist to enable secure withdrawals of staked ETH for the first time on Ethereum Proof-of-Stake. Our priority is always protecting our customers’ funds. We chose Cubist because their team includes preeminent experts in applied cryptography and systems security. They are uniquely qualified to secure Ankr’s most critical workflows. We believe Cubist’s involvement will make Ankr the most secure choice for Ethereum liquid staking."

Stanley Wu, Co-Founder and CTO of Ankr

Anti-slashing for restakers

Reassure new operators with anti-slashing for restakers

An honest operator’s worst fear is accidental anti-slashing–and it only gets scarier when slashing conditions are unique and complex. CubeSigner’s anti-slashers protect restakers under almost any slashing condition imaginable.

Cubist is partnering with EigenLayer and Babylon to create anti-slashers for their restaking communities. Get in touch if you’re a restaker or if you’re designing a restaking protocol!

Art containing Cubist, EigenLayer, and Babylon logos

Security and convenience

One-stop signing shop

Use a single interface to generate different types of cryptographic keys (Secp, BLS, Ed25519, ECDSA) for any chain. Sign deposit transactions, block proposals, withdrawals—and more. Cubist produces every signature inside secure hardware.

Programmable policies

Write code to restrict how your keys are used, or choose from Cubist’s out-of-the-box policies that help you enforce MFA, access control, anti-slashing, and key usage. Stop worrying about double signing or losing funds.

Monitoring and audit trail

Get PagerDuty or Slack alerts about suspicious signing requests and anomalous user activity when your policies or Cubist policies are violated. Securely export activity logs for accounting, compliance, and investigations.

Safe validator migration

Migrate from your existing keystores to secure hardware—directly. Cubist's end-to-end encrypted import protocol keeps your keys secure in transit from your machine to the hardware security module. Even Cubist can't snoop on you.

Seamless upgrades

Upgrade your infrastructure—your validator client, your OS, even your cloud provider—without getting slashed or losing uptime. Cubist provides a remote signing interface that works out of the box with tools like Lighthouse and Prysm.

Secure export protocol

Get the benefits of hardware-backed storage and signing without the vendor lock-in. Cubist's export protocol lets you recover your keys using a quorum of secure hardware tokens to ensure continuity of access under all circumstances.

“Cubist's key management solution, and their entire team, was a backbone of the pxETH development cycle and continues to be our 
go-to solution for all things infrastructure.

Co-founder of Redacted
Secure Staking Alliance

Cubist is spearheading the Secure Staking Alliance

The Secure Staking Alliance was founded in 2023 by Cubist and 16 other industry-leading teams across web3's protocol, infrastructure, and security ecosystem.

We are collaborating to create open standards and best practices that will help web3 protocols, developers, and node operators design, build, and run secure (re)staking validator infrastructure.

Art containing Cubist, EigenLayer, and Babylon logos