Cubist Announces Hardware-Backed Key Management Platform for Web3 Infrastructure


Share post:

Cubist Inc., a security-focused Web3 tools provider, today announced the launch of a non-custodial key management platform designed to help infrastructure engineering teams secure and programmatically manage their secret keys. Cubist’s team is led by a former fintech Head of Fraud Operations and Computer Security professors from Carnegie Mellon University and University of California San Diego who have spent their careers developing and deploying technologies that make complex production systems more secure.

Since the beginning of 2022, over $1.5B has been lost due to secret key compromises and access control exploits in Web3. Without a streamlined key management solution, infrastructure teams have been forced to compromise on both security and convenience. Some teams opt for simplicity, storing their secret keys on the same server that runs their validator software. Others go through the enormous effort of piecing together commercially available vaults and signers, resulting in complex systems that offer little security in the best case—and cause disaster in the worst. Both arrangements expose direct access to raw secret keys, meaning a breach or insider threat could result in serious loss.

Cubist is tackling this problem head on. Cubist’s non-custodial key manager allows staking-as-a-service providers, blockchains, and other validator operators to lock their secret keys in secure hardware and use short-lived revocable privileges—instead of the keys themselves—to programmatically sign transactions and validation messages. The key manager makes it easy to specify access control rules (e.g., validator clients generate attestations only for their assigned keys) and custom key usage policies (e.g., multi-factor authentication required to withdraw staked funds), and to take advantage of Cubist’s anti-slashing protection, anomaly detection alerts, and audit trail out-of-the-box.

Also Read: Is ChatGPT a Threat to Software Engineers?

The team designed and built the platform following a single principle: treat everything as untrusted. This gives organizations very strong security properties; even if an organization’s systems are hacked, Cubist’s key manager can prevent an attacker from signing malicious withdrawal transactions or validation messages. The policy engine at the heart of the key manager was designed to be automatically checked using formal verification, ensuring that policies are always correctly enforced. All cryptographic code runs inside secure hardware modules, meaning that no one—not even Cubist—can see, copy, or steal raw secret keys. This unique design combines the team’s world-renowned academic research across systems security, verification, and cryptography to provide higher assurance than any existing key management solution.

“DeFi’s long-term potential hinges on security. Stakers and validators must be confident that their funds are safe, but today’s frequent key management failures and multi-million-dollar hacks totally undermine that confidence,” said Riad Wahby, Co-Founder and Chief Executive Officer of Cubist. “We’re confident that Cubist’s infrastructure-focused key management dramatically reduces risk, making it much easier to run secure validators on Ethereum and other Proof-of-Stake chains.”

Cubist’s first publicly announced key management customer is Ankr, one of the world’s leading Web3 infrastructure, developer tooling, and liquid staking providers. Cubist’s key manager is securing Ankr’s Ethereum validators, including the execution of safe withdrawals, which are now possible thanks to last week’s Shanghai network upgrade.

“Ankr is thrilled to be working with Cubist to enable secure withdrawals of staked ETH for the first time on Ethereum Proof-of-Stake,” said Stanley Wu, Co-Founder and Chief Technology Officer of Ankr. “Our priority is always protecting our customers’ funds. We chose Cubist because their team includes preeminent experts in applied cryptography and systems security. They are uniquely qualified to secure Ankr’s most critical workflows. We believe Cubist’s involvement will make Ankr the most secure choice for Ethereum liquid staking.”

Cubist’s key manager is now available to teams running infrastructure on a variety of chains, including Ethereum following its Shanghai upgrade. Staking providers can use Cubist’s solution to enable secure withdrawals of staked ETH for the first time, or to upgrade the security of their existing validators on Ethereum or other chains. Cubist offers a safe and easy process for migrating secret keys from existing keystores to Cubist’s hardware-backed storage and provides an interface for popular validator clients like Lighthouse and Prysm.

TalkDev Bureau
TalkDev Bureau
The TalkDev Bureau has five well-trained writers and journalists, well versed in B2B enterprise technology industry, and constantly in touch with industry leaders for the latest trends, opinions, and other inputs- to bring you the best and latest in the domain.

Related articles raises $10M to give any developer the ability to build AI meeting bots in days

Conversations are now the world’s largest dataset. Millions of hours of meetings happen everyday over video conferencing platforms,...

What to Consider When Building a Virtual Reality (VR) App

We have all watched sci-fi movies like The Matrix or played games like Call of Duty. But what...

FOSS Communities Navigate AI’s Impact: Restrictions on AI-Generated Code in Key Linux Distributions

The Free and Open Source Software (FOSS) community has implemented policies to forbid or heavily restrict the usage...

Intel’s Falcon Shores AI Processor Sets New Power Consumption Record at 1500W, Surpassing Nvidia’s Latest

Intel's upcoming Falcon Shores hybrid processor will combine x86 and Xe GPU cores to deliver high performance for...