A key-management company built by cryptographers who decided the choice between security and speed was a false one - and set out to prove it in hardware.
There is an old joke in cryptocurrency that the only truly secure wallet is one you have thrown into the ocean. It is secure because it is unreachable, and it is useless for exactly the same reason. This is the central, slightly absurd tension of digital assets: the thing that makes a key safe - keeping it far from any computer, any network, any human - is the same thing that makes it hard to actually use. You can have security or you can have speed. Pick one, and apologize to the other.
Cubist, a San Diego company founded in 2022, was built on the premise that this is a false choice, and that the reason everyone accepts it is that they have not read enough security papers. The four founders have read a great many. Between them they have published more than 80 peer-reviewed papers in applied cryptography, systems security, and formal verification; found high-severity bugs in Chrome and Firefox; shipped the sandboxing that protects millions of Firefox users; and designed cryptographic primitives that sit underneath Ethereum and Avalanche. This is a company where the founders wrote parts of the standards their own product depends on.
The product is called CubeSigner, and the trick it pulls is conceptually simple even if the engineering is not. Instead of handing an application the raw private key - the digital equivalent of mailing someone your house key so they can water the plants - CubeSigner keeps the key sealed inside secure hardware: hardware security modules and AWS Nitro Enclaves. The application never sees the key. It asks, politely, over an API, for a signature. The hardware signs. The key never leaves.
What makes this more than a fancy HSM is the word "milliseconds." Traditional hardware-backed signing is slow and clunky, which is why people reach for hot wallets that keep keys in memory where an attacker can grab them. Cubist's bet is that if hardware signing is fast and convenient enough - a few lines of code, a revocable session, an answer back before you notice the wait - nobody has a reason to keep a raw key lying around anymore. Cold-wallet security, hot-wallet speed, is the tagline, and for once the tagline is also the technical claim.
Around the signer sits a programmable policy engine, which is the part that turns "don't lose the key" into "the key will refuse to sign anything that breaks these rules." You can require multiple approvals for a large transfer, enforce spending limits, block the conditions that get an Ethereum validator slashed, or gate access by role. The policies are code, and the hardware enforces them before a signature ever happens. This is a meaningfully different pitch from most custody products, which ask you to trust a black box. Cubist's version is closer to: here is the box, here is the code, and here is the cryptographic attestation that the code is what ran.
The customers are the people for whom a lost key is not an inconvenience but a headline: staking providers, DeFi protocols, cross-chain bridges, and wallet builders. Bridges are a special case of misery in crypto - they have been drained for hundreds of millions of dollars - and Cubist ships a product called Bascule Drawbridge that watches on-chain and off-chain state in real time and attests that a withdrawal actually matches a deposit before funds move. It is the security equivalent of checking that the money you are handing out was actually put in.
There is also a more forward-looking line of work: Confidential Cloud Functions, which run private, verifiable code inside trusted execution environments. The pitch there is off-chain smart contracts and on-chain AI agents that can hold secrets and prove they behaved - a bet that the next set of blockchain applications will need somewhere private but accountable to do their computing.
CubeSigner doesn't force teams to choose between security, performance, and convenience.
Keys are created and stored inside HSM-sealed Nitro Enclaves. They never exist in plaintext outside secure hardware.
An app opens a revocable session and asks for a signature over a simple API call - it never handles the raw key.
The programmable policy engine checks the request against your rules: limits, approvals, anti-slashing, roles.
The hardware signs and returns the result in milliseconds, with cryptographic attestation of what ran.
Applied cryptographer and CMU faculty. Co-inventor of proof systems (Lasso, Hyrax, Brakedown) and co-author of RFC 9380 and the BLS signature standard used by Ethereum and Avalanche.
Fintech executive bringing operational and go-to-market experience from years running finance-industry products - the Wall Street half of a very academic cap table.
Assistant professor at Carnegie Mellon and a software-security researcher whose work has surfaced serious vulnerabilities in widely used systems.
Associate professor at UC San Diego. Helped ship Firefox's RLBox sandboxing, protecting millions of browser users from untrusted code.
In January 2026 the founding four were joined by Rohan Chauhan, a former Gemini executive who ran its prediction-markets platform, as President - a signal that the security researchers are now courting institutions.
Hardware-backed, non-custodial key management for teams and protocols. Signatures via revocable sessions; keys stay inside the enclave.
Wallet-as-a-Service and embedded wallets with millisecond remote signing, an account recovery SDK, and encrypted key backups.
Policies-as-code: spending limits, role-based access, multi-party approvals and anti-slashing, all enforced in hardware before signing.
Private, verifiable off-chain code in TEEs - the substrate for hardware-enshrined smart contracts and on-chain AI agents.
Advanced Bitcoin signing and self-custodial staking, including Babylon staking flows for Bitcoin holders.
Real-time bridge security: cross-chain mint/withdrawal verification and on-chain attestation to catch mismatches before funds move.
A single seed round in March 2023, led by Polychain Capital. No token, no follow-on hype cycle - just infrastructure money for infrastructure work.
Staking providers, DeFi protocols, bridges and wallet builders. CubeSigner is in production securing Ethereum validators.
Cubist's site, code, socials, and a podcast conversation with CEO Riad Wahby on Web3 security and key management.
Primary contact: r@cubist.dev · Reporting compiled from public sources. Figures are approximate where noted.