After a Spate of Incidents, the Future of Trading Bots is Decentralized and Self-Custodial

Trading bots have become a must-have for many cryptocurrency traders. However, following a spate of recent incidents where hackers and thieves have targeted popular bot apps, the industry needs to up its security game. Can decentralized, non-custodial trading bots like ApeX’s Telegram Bot help to restore trust?

Automated trading has become increasingly popular among traders of all stripes over recent years – most importantly, in risk management, as it allows traders to exit potentially unprofitable positions without having to monitor market conditions. In the volatile 24/7 cryptocurrency markets, some kind of automation is practically a necessity, both for managing risk and capturing opportunities. As a result, the market for trading bots has flourished over recent years, as an increasing number of providers have emerged with new products competing on factors such as ease of use, range of exchange and platform integration, sophistication of trading signals, and cost.

However, due to the fact that trading bots are necessarily involved in digital asset transactions, they’ve become prime targets for hackers and fraudsters. Over recent years, rinse-and-repeat AI trading bot scams using hard sales tactics such as fake celebrity endorsements, promises of wild returns, and scarcity pressure techniques have become rife across the crypto sector. In reality, the entire outfit is often an elaborate front designed to get as many users as possible to hand over their private keys.

Trading Bots Under Attack

Setting up a fake outfit is just one of many attack vectors and one that involves a substantial amount of planning and marketing to ute successfully. Over the last year or so, cybercriminals have also turned their attention to established trading bots – which in some cases, have been culpable in lax security practices that lay the ground for major incidents.

Last year, leading trading bot 3Commas was involved in a major incident after it emerged that the firm had inadvertently leaked 100,000 API keys belonging to its users, which resulted in the theft of $22 million worth of cryptocurrency from users’ accounts. The firm managed to compound the damage by denying any involvement in the incident for several days.

More recently, 3Commas was involved in a minor incident after the company revealed that “less than ten” user accounts were compromised and used for unauthorized trades.

In the same month as the second incident, two other popular bots came under attack within a week of one another. On October 25, Maestro, one of the most popular Telegram bots, suffered a severe external call vulnerability in its underlying smart contracts, enabling attackers to drain over 280 ETH (worth nearly $500,000.).

Six days later, Unibot, another Telegram bot, was hit. Analysts attributed the attack to an exploit in the smart contract’s call function, which allowed the culprit to siphon over $600,000 worth of ETH in the hour after the incident happened.

In these incidents, users were able to recover some of their losses. However, without an assurance that anything has changed, it’s difficult for operators to find ways to restore trust. This is where ApeX, which recently launched a decentralized, non-custodial Telegram trading bot of its own, has an opportunity to differentiate.

Flying the Flag for Decentralized Security

As a self-custodial tool, the ApeX Telegram Bot never takes control of your keys, so it cannot enable deposit or withdraw functions, meaning funds are always guaranteed to be as secure as your private keys. However, the bot does offer a comprehensive set of user functions enabling users to interact with digital assets, including the ability to select markets, place market orders, and monitor the P&L. It’s also possible to automate the closing of specific positions, or all positions. Furthermore, the ApeX Telegram Bot is the first L2 DEX bot to support derivatives trading.

The ApeX bot also uses a secure Bot Key to connect and onboard, which is generated by encrypting both the underlying blockchain STARK key and the API key, and used as the sole credential for onboarding to the bot. Each key is stored locally and uses asymmetric encryption to render it inaccessible to unauthorized third entities. The key can only be used to open and close positions and perform certain functions within the app. It’s not authorized to deposit or withdraw funds, meaning there is no security risk to funds.

The launch of the bot was just one of the achievements ApeX recently celebrated at its recent one-year anniversary event, where the project also unveiled a new roadmap, which includes an upcoming social trading feature launch. Other achievements include the beta release of USDT contracts earlier in November, making ApeX one of the pioneering DEXs to offer support for both USDC and USDT perpetual contracts. This launch includes a limited-time offer for the USDT Marker Maker Incentive Plan, where maker orders generate negative fees of -1.2 basis points for the first 120 days.

The nature of the digital asset markets means that there will always be a demand for trading bots and automation features to support effective risk management. However, the evident vulnerabilities of centralized services and custodial platforms have provided an opportunity for decentralized, self-custodial solutions to demonstrate their security credentials.