Since the beginning of 2022, Web3 has lost more than $1.5 billion because of hacked secret keys and access control flaws. If support teams don’t have a good key management system, they have to choose between putting security first or making things easier for people. Some teams choose to store their secret keys on the same computer as their checker software to make things easier. Some people put in a lot of work to combine vaults and signers that already exist, which can lead to complicated systems with limited security at best and possibly disastrous results at worst. Both setups give anyone free access to raw private keys, so a leak or an internal threat could cause a lot of damage.
Cubist talks about this clearly. Cubist’s non-custodial key manager lets staking-as-a-service providers, blockchains, and other validator operators store their secret keys safely in hardware and use short-term, revocable privileges to sign transactions and validation messages programmatically instead of using the keys themselves. The key manager makes it easier to set up access control rules, like letting validator clients only produce attestations for the keys they are assigned to, and to make personalized rules for how to use keys, like requiring multi-factor authentication to withdraw staked funds. Also, the key manager lets users use Cubist’s built-in features for anti-slashing protection, a notice of anomaly detection, and tracking of the audit trail.
The platform was designed and built by a team with one main idea in mind, which is that nothing can be trusted. Even if an organization’s systems are hacked, the key manager of Cubist can stop an attacker from signing fake exit transactions or confirmation messages. The policy engine of the key manager was made so that it could be formally checked to make sure that policies are followed regularly and correctly. As all encrypted software runs in safe hardware units, it is impossible for anyone, including Cubist, to see, copy, or steal raw private keys. This new design uses the team’s well-known research in systems security, proof, and cryptography to provide more confidence than any other key management product on the market.
DeFi’s ability to stay around for a long time depends on how safe it is. Riad Wahby, CEO and co-founder of Cubist, has said that making sure stakers and validators are safe is very important. But key management mistakes and major breaches that cost millions of dollars have happened over and over again, which has hurt this trust a lot. From our point of view, the amount of risk is greatly reduced by Cubist’s key management system, which puts infrastructure first. This makes it easier for Ethereum and other Proof-of-Stake chains to run safe validators.
Cubist just announced that Ankr is its first client for key management, which is a service that includes keeping cryptographic keys safe and storing them. Ankr is a major player in the fields of Web3 infrastructure, developer tools, and liquid staking. The main leader of Cubist is currently making sure that Ankr’s Ethereum validators are safe. This includes adding safe ways to take money, which are now possible thanks to a recent upgrade to the Shanghai network.
Stanley Wu, the Co-Founder and Chief Technology Officer of Ankr, was very excited about the partnership with Cubist, which will make it possible for claimed ETH on Ethereum Proof-of-Stake to be withdrawn for the first time ever in a safe way. Making sure that our clients’ money is safe is always our top priority. Cubist was picked because its group is made up of well-known experts in areas like applied cryptography and system security. They are very well-qualified to protect the important Ankr processes. We think that Cubist’s participation will make Ankr the safest option for Ethereum liquid staking.
After being updated in Shanghai, the main boss of Cubist is now open to groups that manage infrastructure across different networks, like Ethereum. Cubist’s approach can be used by providers of staking services to make it possible to remove claimed ETH safely for the first time or to make their existing validators on Ethereum and other blockchain networks more secure. Cubist makes it easy and safe to move sensitive keys from existing key stores to Cubist’s storage, which is backed by hardware. Also, it gives well-known validator clients like Lighthouse and Prysm a user interface.