Cubist Launches Non-Custodial Key Management Platform for Web3 Infrastructure
In Brief
The non-custodial key management platform is designed to help infrastructure engineering teams secure and programmatically manage their secret keys.
Cubist’s team is led by a former fintech Head of Fraud Operations and Computer Security professors.
Cubist’s non-custodial key manager allows web3 services providers, blockchains and validator operators to lock their secret keys in secure hardware.
Security-focused web3 tools provider Cubist Inc. has launched today a non-custodial key management platform to help web3 infrastructure engineering teams secure and programmatically manage their secret keys.
The founding team of the San Diego-based firm comprises a former fintech head of fraud and three computer science and engineering professors from Carnegie Mellon University and the University of California San Diego.
According to DeFi Llama, over $1.5 billion has been stolen since the beginning of 2022 due to secret key compromises and access control exploits in web3. The compromise between security and convenience has forced some teams to take shortcuts, such as storing their secret keys on the same server as their validator software.
On the other hand, others have been assembling commercially available vaults and signers, leading to intricate systems that offer minimal security, leaving secret keys vulnerable to unauthorized access.
“DeFi’s long-term potential hinges on security. Stakers and validators must be confident that their funds are safe, but today’s frequent key management failures and multi-million-dollar hacks totally undermine that confidence,” said Riad Wahby, Co-Founder and Chief Executive Officer of Cubist. “
Cubist aims to solve web3 security problems with its non-custodial key manager, which allows web3 teams to lock their secret keys in secure hardware and use short-lived revocable privileges—instead of the keys themselves—to programmatically sign transactions and validation messages.
Chief Operating Officer Ann Stefan told Blockworks that the key manager is also designed to protect against unintentional errors that Web3 engineers may make while coding tech stacks. These errors can create security vulnerabilities that expose dApp users to exploits.
The key manager simplifies the process of defining access control rules, for instance, by ensuring that validator clients can only generate attestations for their assigned keys. Custom key usage policies can also be easily configured using this tool, such as requiring multi-factor authentication to withdraw staked funds. In addition, the key manager provides built-in features, such as Cubist’s anti-slashing protection, anomaly detection alerts, and audit trail.
Cubist’s first publicly announced key management customer is Ankr, a provider of web3 infrastructure, developer tooling, and liquid staking. Ankr is using the key manager to secure Ethereum validators, including the execution of safe withdrawals made possible after last week’s Shanghai upgrade, according to a press release.
Read more:
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Cindy is a journalist at Metaverse Post, covering topics related to web3, NFT, metaverse and AI, with a focus on interviews with Web3 industry players. She has spoken to over 30 C-level execs and counting, bringing their valuable insights to readers. Originally from Singapore, Cindy is now based in Tbilisi, Georgia. She holds a Bachelor's degree in Communications & Media Studies from the University of South Australia and has a decade of experience in journalism and writing. Get in touch with her via cindy@mpost.io with press pitches, announcements and interview opportunities.
More articlesCindy is a journalist at Metaverse Post, covering topics related to web3, NFT, metaverse and AI, with a focus on interviews with Web3 industry players. She has spoken to over 30 C-level execs and counting, bringing their valuable insights to readers. Originally from Singapore, Cindy is now based in Tbilisi, Georgia. She holds a Bachelor's degree in Communications & Media Studies from the University of South Australia and has a decade of experience in journalism and writing. Get in touch with her via cindy@mpost.io with press pitches, announcements and interview opportunities.