In Web3, security and user experience often clash. Users choose between self-custody security or centralized convenience. We found a better way with our security partner @cubistdev.

@tomo_wallet uses CubeSigner, a non-custodial signing service that keeps private keys inside secure hardware. Your keys live in Cubist's virtual HSM built on FIPS 140-certified hardware. Keys never touch user devices or browsers.

Tomo can't access your keys. Cubist can't access your keys. Only you can through authenticated requests to the secure enclave. Your explicit permission is required for every transaction or key export.

Transaction signing happens inside CubeSigner's virtual HSM using secure enclaves. Keys are encrypted with ChaCha20-Poly1305 and only decrypted inside the enclave during authenticated requests. Raw keys never exist in memory or browsers.