Prevent hacks by programming what each key can sign

Specify safety policies for individual keys: one key can transact with a DEX only for a restricted set of tokens, for example, while another can’t sign large transactions without multi-factor approval. All keys stay hidden in secure hardware even while signing, since CubeSigner grants revocable sessions instead of access to raw keys.

Safety policies for individual keys: tradeWith, sweepTo, requireApproval

Sign fast with high throughput

Sign messages in tiny fractions of a second and count on over 99.999% reliability. MPC can’t do that.

Art illustrating transaction signing with high throughput

Instantly respond 
to breaches

Get alerts for signing requests that violate policies, suspected signing token compromise, and suspicious on-chain activity. In an emergency, revoke signing access for individual keys, team members, or even your whole organization.

Art illustrating a system breach

Defend against catastrophe with hardware-locked cold storage

Choose a set of YubiKeys (e.g., 7) and a decryption threshold (e.g., 4/7). Each time you generate or import a key, you receive a cold-storage backup ciphertext that can only be decrypted by your quorum of YubiKeys.

Want to share custody or offload risk?

Add a layer of control by safeguarding some or all of the YubiKeys with your client, DAO, trustee, qualified custodian, insurance partner, or other trusted party.

CubeSigner's hardware-locked cold storage: choose a set of YubiKeys, establish a decryption threshold, generate or import a key, CubeSigner creates a cold-storage encrypted backup, use your quorum of YubiKeys to decrypt

Build your own
custody model

Be the custodian

Delegate custody to others

Share custody with clients 
or partners

Or learn more about giving your users custody of their own keys