Runbot Trading Security Page

Regularly audit your exchange settings and delete any API keys that are no longer actively used by a bot. [2]

2. Protect Your Runbot Account

— Anonymous, r/algotrading

That config file might be sitting on a cloud server, saved in a Discord DM, or committed to a public GitHub repo. I’ve personally found live API keys with withdrawal permissions in public Pastebins.

Automated trading bots—often called "runbots"—have exploded in popularity. They promise to trade 24/7, remove human emotion, and capitalize on market inefficiencies while you sleep.

“I ran a popular open-source grid trading bot on a $10/month VPS. One morning, I woke up to 300 tiny market buys of a token called ‘SAFEMOONCOPY.’ My entire $8,000 trading balance was gone. The bot had been replaced with a modified version that forwarded my API key on the second run.”

By following these best practices and taking advantage of Runbot's security features, users can minimize risks and maximize their trading potential.

If you are using a strategy from the Runbot community or a marketplace, review the logic for "hidden" functions that might send small amounts of capital to unknown addresses or perform "wash trading" to benefit a third party. [5]

5. Infrastructure Awareness

Even with advanced platforms, traders must remain vigilant against common industry risks:

Even with perfect API key hygiene, a compromised runbot can still wreak havoc by opening massive leverage positions, market buying illiquid coins, or running a losing strategy into the ground.

Be wary of emails or Discord messages claiming to be from "Runbot Support" asking for your API secrets or login credentials. Official support will never ask for your private keys. [1]

If someone gains access to your Runbot login, they can alter your strategies or stop your bots.