is risk management
Prevent hacks by programming what each key can sign
Specify safety policies for individual keys: one key can transact with a DEX only for a restricted set of tokens, for example, while another can’t sign large transactions without multi-factor approval. All keys stay hidden in secure hardware even while signing, since CubeSigner grants revocable sessions instead of access to raw keys.
Sign fast with high throughput
Sign messages in tiny fractions of a second and count on over 99.999% reliability. MPC can’t do that.
Instantly respond to breaches
Get alerts for signing requests that violate policies, suspected signing token compromise, and suspicious on-chain activity. In an emergency, revoke signing access for individual keys, team members, or even your whole organization.
Defend against catastrophe with hardware-locked cold storage
Choose a set of YubiKeys (e.g., 7) and a decryption threshold (e.g., 4/7). Each time you generate or import a key, you receive a cold-storage backup ciphertext that can only be decrypted by your quorum of YubiKeys.
Want to share custody or offload risk?
Add a layer of control by safeguarding some or all of the YubiKeys with your client, DAO, trustee, qualified custodian, insurance partner, or other trusted party.
Build your own
Be the custodian
Delegate custody to others
Share custody with clients or partners
Or learn more about giving your users custody of their own keys