: If you are using a strategy from the Runbot community or a marketplace, review the logic for "hidden" functions that might send small amounts of capital to unknown addresses or perform "wash trading" to benefit a third party. [5] 5. Infrastructure Awareness
: Be wary of emails or Discord messages claiming to be from "Runbot Support" asking for your API secrets or login credentials. Official support will never ask for your private keys. [1]
Runbot is a trading bot designed to automate trading activities, but how secure is it? In this review, we'll examine the security features of Runbot and assess its overall security posture.
That config file might be sitting on a cloud server, saved in a Discord DM, or committed to a public GitHub repo. I’ve personally found live API keys with withdrawal permissions in public Pastebins. runbot trading security
By following these best practices and taking advantage of Runbot's security features, users can minimize risks and maximize their trading potential.
: Use a password manager to ensure your Runbot password is not shared with any other service. [2] 3. Strategy & Execution Security
“I ran a popular open-source grid trading bot on a $10/month VPS. One morning, I woke up to 300 tiny market buys of a token called ‘SAFEMOONCOPY.’ My entire $8,000 trading balance was gone. The bot had been replaced with a modified version that forwarded my API key on the second run.” : If you are using a strategy from
Overall, Runbot appears to have a solid security foundation, but it's essential to remember that no trading bot is completely risk-free. Users should carefully evaluate Runbot's security features and risks before using the platform.
Based on publicly available information, Runbot appears to have a robust security framework in place. The use of encryption, 2FA, and secure API connectivity demonstrates a commitment to protecting user data and preventing unauthorized access.
: Ensure your bot has maximum slippage protection. Without this, a bot might execute a trade at a price far worse than intended during low liquidity, which is a common way automated accounts lose money. [4] 4. Third-Party Script Risks Official support will never ask for your private keys
Unlike traditional platforms that might require full API access, Runbot leverages specific technologies to minimize risk:
: Never deploy a new script with high capital immediately. Run it in a "Paper Trading" environment for at least a week to ensure there are no logic loops that could drain your balance through excessive fees (churning). [5]
Mossy Resources