Breaking
CUBIST names ex-Gemini exec Rohan Chauhan as President - Jan 2026 CUBESIGNER signs from inside secure hardware in milliseconds Keys sealed in AWS Nitro Enclaves - even Cubist can't extract them $7M seed led by Polychain Capital Founders co-authored the BLS signature standard used by Ethereum In production securing Ethereum validators CUBIST names ex-Gemini exec Rohan Chauhan as President - Jan 2026 CUBESIGNER signs from inside secure hardware in milliseconds Keys sealed in AWS Nitro Enclaves - even Cubist can't extract them $7M seed led by Polychain Capital Founders co-authored the BLS signature standard used by Ethereum In production securing Ethereum validators
YesPress Dossier / Company San Diego, California · Est. 2022
Web3 Infrastructure · Key Management

Cubist keeps the key where nobody can touch it.

A key-management company built by cryptographers who decided the choice between security and speed was a false one - and set out to prove it in hardware.

$7M
Seed / Polychain
~21
Employees
4
Founders
80+
Papers Published
Cubist logomark - three interlocking cube faces in blue, orange and off-white
THE MARK. Three cube faces, one shared corner. A cryptographic root of trust rendered as a logo - the point where security, speed and convenience are supposed to meet.
Share this dossier LinkedIn X Facebook Instagram
The Story

A vault that answers in a millisecond

There is an old joke in cryptocurrency that the only truly secure wallet is one you have thrown into the ocean. It is secure because it is unreachable, and it is useless for exactly the same reason. This is the central, slightly absurd tension of digital assets: the thing that makes a key safe - keeping it far from any computer, any network, any human - is the same thing that makes it hard to actually use. You can have security or you can have speed. Pick one, and apologize to the other.

Cubist, a San Diego company founded in 2022, was built on the premise that this is a false choice, and that the reason everyone accepts it is that they have not read enough security papers. The four founders have read a great many. Between them they have published more than 80 peer-reviewed papers in applied cryptography, systems security, and formal verification; found high-severity bugs in Chrome and Firefox; shipped the sandboxing that protects millions of Firefox users; and designed cryptographic primitives that sit underneath Ethereum and Avalanche. This is a company where the founders wrote parts of the standards their own product depends on.

The product is called CubeSigner, and the trick it pulls is conceptually simple even if the engineering is not. Instead of handing an application the raw private key - the digital equivalent of mailing someone your house key so they can water the plants - CubeSigner keeps the key sealed inside secure hardware: hardware security modules and AWS Nitro Enclaves. The application never sees the key. It asks, politely, over an API, for a signature. The hardware signs. The key never leaves.

What makes this more than a fancy HSM is the word "milliseconds." Traditional hardware-backed signing is slow and clunky, which is why people reach for hot wallets that keep keys in memory where an attacker can grab them. Cubist's bet is that if hardware signing is fast and convenient enough - a few lines of code, a revocable session, an answer back before you notice the wait - nobody has a reason to keep a raw key lying around anymore. Cold-wallet security, hot-wallet speed, is the tagline, and for once the tagline is also the technical claim.

Around the signer sits a programmable policy engine, which is the part that turns "don't lose the key" into "the key will refuse to sign anything that breaks these rules." You can require multiple approvals for a large transfer, enforce spending limits, block the conditions that get an Ethereum validator slashed, or gate access by role. The policies are code, and the hardware enforces them before a signature ever happens. This is a meaningfully different pitch from most custody products, which ask you to trust a black box. Cubist's version is closer to: here is the box, here is the code, and here is the cryptographic attestation that the code is what ran.

The customers are the people for whom a lost key is not an inconvenience but a headline: staking providers, DeFi protocols, cross-chain bridges, and wallet builders. Bridges are a special case of misery in crypto - they have been drained for hundreds of millions of dollars - and Cubist ships a product called Bascule Drawbridge that watches on-chain and off-chain state in real time and attests that a withdrawal actually matches a deposit before funds move. It is the security equivalent of checking that the money you are handing out was actually put in.

There is also a more forward-looking line of work: Confidential Cloud Functions, which run private, verifiable code inside trusted execution environments. The pitch there is off-chain smart contracts and on-chain AI agents that can hold secrets and prove they behaved - a bet that the next set of blockchain applications will need somewhere private but accountable to do their computing.

CubeSigner doesn't force teams to choose between security, performance, and convenience.

— Cubist, on the tradeoff it was built to erase
How It Works

A signature, without the key ever leaving the box

STEP 01
Generate

Keys are created and stored inside HSM-sealed Nitro Enclaves. They never exist in plaintext outside secure hardware.

STEP 02
Request

An app opens a revocable session and asks for a signature over a simple API call - it never handles the raw key.

STEP 03
Enforce

The programmable policy engine checks the request against your rules: limits, approvals, anti-slashing, roles.

STEP 04
Sign

The hardware signs and returns the result in milliseconds, with cryptographic attestation of what ran.

4
Chains signed: ETH · AVAX · BTC · SOL
20+
CVEs found in Chrome & Firefox
ms
Latency, inside secure hardware
100%
Non-custodial by design
The Founders

Two professors, a chief scientist, and a fintech operator

Co-Founder · CEO

Applied cryptographer and CMU faculty. Co-inventor of proof systems (Lasso, Hyrax, Brakedown) and co-author of RFC 9380 and the BLS signature standard used by Ethereum and Avalanche.

Ann Stefan
Co-Founder · COO

Fintech executive bringing operational and go-to-market experience from years running finance-industry products - the Wall Street half of a very academic cap table.

Fraser Brown
Co-Founder · CTO

Assistant professor at Carnegie Mellon and a software-security researcher whose work has surfaced serious vulnerabilities in widely used systems.

Deian Stefan
Co-Founder · Chief Scientist

Associate professor at UC San Diego. Helped ship Firefox's RLBox sandboxing, protecting millions of browser users from untrusted code.

In January 2026 the founding four were joined by Rohan Chauhan, a former Gemini executive who ran its prediction-markets platform, as President - a signal that the security researchers are now courting institutions.

The Product Suite

Six ways to never touch a raw key

01

CubeSigner · Self-Custody

Hardware-backed, non-custodial key management for teams and protocols. Signatures via revocable sessions; keys stay inside the enclave.

02

CubeSigner · End-User Custody

Wallet-as-a-Service and embedded wallets with millisecond remote signing, an account recovery SDK, and encrypted key backups.

03

Programmable Policy Engine

Policies-as-code: spending limits, role-based access, multi-party approvals and anti-slashing, all enforced in hardware before signing.

04

Confidential Cloud Functions

Private, verifiable off-chain code in TEEs - the substrate for hardware-enshrined smart contracts and on-chain AI agents.

05

Bitcoin & Babylon Workflows

Advanced Bitcoin signing and self-custodial staking, including Babylon staking flows for Bitcoin holders.

06

Bascule Drawbridge

Real-time bridge security: cross-chain mint/withdrawal verification and on-chain attestation to catch mismatches before funds move.

The Money

$7M to bet on the boring part

2023
Seed · $7.0M

A single seed round in March 2023, led by Polychain Capital. No token, no follow-on hype cycle - just infrastructure money for infrastructure work.

Polychain Capital dao5 Amplify Partners Blizzard Paxos Polygon Axelar Bessemer Protocol Labs
Who Uses It

The people for whom a lost key is a headline

Staking providers, DeFi protocols, bridges and wallet builders. CubeSigner is in production securing Ethereum validators.

KilnLombardBabylonAnkrSquiddappOSTomoDogeOSXLabsZeroShadowAva LabsConsenSys
Timeline

From lab to production

2022
Cubist founded in San Diego by four cryptography and security researchers.
MARCH 2023
Raises $7M seed led by Polychain Capital.
APRIL 2023
Launches CubeSigner, a hardware-backed key management platform for Web3 infrastructure.
NOVEMBER 2023
Ships Wallet-as-a-Service with millisecond-latency remote signing inside secure hardware.
JANUARY 2026
Names former Gemini executive Rohan Chauhan as President to lead institutional go-to-market.
Curious Facts
  • The CEO co-authored the BLS signature standard that Ethereum and Avalanche rely on - so Cubist partly guards the crypto its own founders helped design.
  • Keys live inside AWS Nitro Enclaves and HSMs, so even Cubist can't extract them.
  • Before crypto, the founders shipped browser sandboxing used by millions of Firefox users.
  • The founding team pairs Carnegie Mellon and UC San Diego professors with a fintech operator.
  • CubeSigner signs across EVM chains and Bitcoin and Solana from one API.
Go Deeper

Links, talks & docs

Cubist's site, code, socials, and a podcast conversation with CEO Riad Wahby on Web3 security and key management.

Primary contact: r@cubist.dev · Reporting compiled from public sources. Figures are approximate where noted.