Today we announced the public release of our CubeSigner Wallet-as-a-Service (“WaaS”). CubeSigner is the first WaaS with the speed, convenience, and security to support everything from loyalty programs to market makers. Applications request signatures via simple API calls, and CubeSigner signs from within secure hardware—where keys are safe from prying eyes.

Since the start of 2023, over $350 million has been lost as a result of key compromise and access control exploits. Engineering teams across the entire digital asset space have faced a ruinous tradeoff, forced to choose between making keys instantly available in memory (and therefore exposed to attackers) and trying to keep keys safe (at serious latency and engineering cost). Some teams, for example, use hot wallets for trading or gaming, since the latency of popular MPC-based solutions is orders of magnitude too slow. Other teams opt for convenient in-browser signing at the risk of revealing their keys to remote attackers. While these choices may seem reasonable at a glance, they’ve been the root cause of million-dollar hacks—hacks that would have been prevented by a convenient and safe key management solution.

CubeSigner is that key manager: it keeps keys both constantly safe and instantly available, even in the presence of insider threats and breaches. CubeSigner lets users request signatures through revocable signing sessions instead of giving direct access to raw keys. Users can’t accidentally leak their keys and attackers can’t steal keys because key material stays locked in secure hardware, during both generation and signing. CubeSigner’s use of bank-grade Hardware Security Modules (HSMs) cryptographically sealed to AWS Nitro Enclaves offers millisecond latency, scales to hundreds of millions of wallets, and supports arbitrary chains. Finally, companies that use CubeSigner—or their end-users—can export encrypted signing keys to cold storage at any time using a hardware-to-hardware cryptographic protocol.

CubeSigner is already in production as a first-of-its-kind key manager for Ethereum validators, where security and performance are both critical. This launch makes CubeSigner available to teams building wallets, consumer loyalty programs, games, trading platforms, custody platforms, and more, across virtually any chain. CubeSigner currently supports Secp256k1, Ed25519, BLS, and Stark curve signing and is easily extended to support new signature schemes.

“We built CubeSigner so that no one has to choose between fast, safe, and easy to use,” said Riad Wahby, Co-Founder and CEO of Cubist. “As a result of the Cubist team's decades of academic and industry work securing production systems, CubeSigner protects keys with best-in-class security. At the same time, it improves user experience with its unbeatable responsiveness—it's literally a hundred times faster than competing products. With its flexible social login, built-in minting services, powerful key recovery, and broad chain support, CubeSigner represents a quantum leap for the Web3 ecosystem.”

Through collaborations with customers across many verticals, CubeSigner has evolved to support a wide variety of custody setups. The system, for example, makes self-custody easy for organizations, and alternatively lets customers offload risk by looping in a qualified custodian or trustee. Customers can also build Web2-like wallets in which end users control their own keys, using CubeSigner’s primitives for social login, minting-as-a-service, seedless account recovery, and security guardrails that evolve with users’ needs. Finally, any application can set per-key usage policies (e.g., require two-factor approval for large transactions), and every CubeSigner deployment comes with real-time monitoring for suspected session compromises, suspicious activity, and signing requests that violate usage policies.

“The launch of CubeSigner is a significant step towards making Web3 more approachable, accessible, and safe,” said Luke Pearson, General Partner at Polychain Capital. “CubeSigner brings the sophistication of some of the world’s most renowned security experts to the fingertips of Web3 users, enabling them to comfortably and safely control their own assets with a level of customization, scalability, and trust that is truly unmatched. We are excited to finally use a wallet that marries safety and convenience, and look forward to continually supporting the talented Cubist team.”

“Security is one of the indispensable pillars that Ava Labs has built our business on, and Cubist’s key management solution allows us to deliver products to our customers that are both secure and user-friendly,” said Nicholas Mussallem, SVP of Product at Ava Labs. “We are excited to continue to leverage Cubist’s top-of-the-line security technology as we launch and scale products our customers love.”

“As both a customer of and personal investor in Cubist, I have been fortunate enough to witness, first-hand, the continued value that Cubist is delivering to the broader Web3 ecosystem through their security products,” said Ryan Fang, Co-Founder of Ankr. “Leaning on their combined decades of experience securing some of the most complex and important technological systems, Cubist is building game-changing and differentiated products, including their latest Wallet-as-a-Service solution. They are addressing some of the most critical issues in Web3 by creating a safe and simple path to absolute capital efficiency.”

The CubeSigner launch follows several recent announcements. Since September, MetaMask selected our CubeSigner Snap to be included in the initial release of the Snap Directory, and we announced anti-slashing partnerships with EigenLayer and Babylon.

Press

CoinDesk

Contact

Sam Cohen at Gasthalter & Co.

(212) 257-4170