I recently discovered an autotrader and was thinking about the risks related to this. This autotrader requires you to grant access through the Binance Spot trading API.

**Withdrawal risks**:
I would categorize this as none, as they only gain access to create spot orders to buy and sell. I don’t think they would be able to just withdraw all funds from my account.

**Spot trading risks**:
I once read a story on Reddit where someone's account was drained just by trades. I couldn’t find the post, but I think the trick behind it was to just pick some low-volume coin and place orders at a weird spot in the order book to ensure that the victim's buy orders are linked to the attacker's sell orders. However, this trick will never work on Binance as it will always pick the best match when executing spot orders. For example: if I place a sell order for BTC now at $1000, then it will just find the highest price in the order book and sell for that (~$20700).

What risks do you guys identify?

Can anyone think of a way that an account is drained (with the attacker getting away with all the money)?

P.S. This is not about the performance of the autotrader itself and whether it will be profitable or not.

  1. anand5995 on 24. December 2023 at 1:06

    Can you give the link to the Autotrader?


  2. BinanceCSHelp on 24. December 2023 at 1:06

    Hi there, please, use the support thread next time for such kinds of questions.

    We strongly urge you to do your own risk analysis considering there are many bad-intentioned platforms/investors out in social media. Please act with caution. Spot trading risks could still be involved in some cases and there is no need to involve limit orders for that even.

    Alternatively you could join us here – binance.com/en/chat and our team would help you to clear all misunderstandings regarding this question.



  3. cleofinance on 24. December 2023 at 1:06

    Hey, when you are using 3rd-party trading apps, it is always important to allow only trade and read. You definitely shouldn’t be allowing the withdrawal option. On cleo.finance, for instance, the platform does not require any withdrawal option, so there can be no access to your funds. We do have an article that explains how a trading platform should handle the API keys and their security. The summary was also posted here. Here is the link to the post: [https://www.reddit.com/r/binance/comments/10334e4/api_keys_and_how_to_handle_its_security/](https://www.reddit.com/r/binance/comments/10334e4/api_keys_and_how_to_handle_its_security/)
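
An added example, not part of the thread or of any poster's code: one way to check that a key handed to a third-party bot is limited to read and spot trade, by auditing the response of Binance's `GET /sapi/v1/account/apiRestrictions` endpoint. The field names follow that endpoint's documented response; the sample responses, the placeholder secret and the policy (a spot-only bot that needs nothing beyond read and trade) are assumptions made for this example.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Flags a spot-only bot needs (assumption: it reads balances and places spot orders).
ALLOWED = {"enableReading", "enableSpotAndMarginTrading"}
# Flags that let funds leave the account; these must be off for a third-party key.
FUND_MOVING = {"enableWithdrawals", "enableInternalTransfer", "permitsUniversalTransfer"}


def sign_query(params: dict, api_secret: str) -> str:
    """Build the signed query string for a USER_DATA endpoint:
    HMAC-SHA256 over the urlencoded parameters, appended as `signature`."""
    query = urlencode(params)
    sig = hmac.new(api_secret.encode(), query.encode(), hashlib.sha256).hexdigest()
    return f"{query}&signature={sig}"


def audit_key(restrictions: dict) -> list[str]:
    """Return findings for an apiRestrictions response; an empty list means
    the key is limited to read + spot trade and is IP-restricted."""
    findings = []
    for flag, value in sorted(restrictions.items()):
        if not flag.startswith(("enable", "permits")) or value is not True:
            continue
        if flag in FUND_MOVING:
            findings.append(f"CRITICAL: {flag} is on; key can move funds out")
        elif flag not in ALLOWED:
            findings.append(f"WARN: {flag} is on but a spot bot does not need it")
    if not restrictions.get("ipRestrict", False):
        findings.append("WARN: ipRestrict is off; key works from any address")
    return findings


# Constructed sample responses (not real account data).
SAFE_KEY = {"ipRestrict": True, "enableReading": True,
            "enableSpotAndMarginTrading": True, "enableWithdrawals": False,
            "enableInternalTransfer": False, "permitsUniversalTransfer": False,
            "enableMargin": False, "enableFutures": False}
RISKY_KEY = dict(SAFE_KEY, ipRestrict=False, enableWithdrawals=True, enableFutures=True)

if __name__ == "__main__":
    # Query string to send with the X-MBX-APIKEY header (placeholder secret).
    print(sign_query({"timestamp": 1703376000000}, "PLACEHOLDER_SECRET"))
    for name, key in (("safe", SAFE_KEY), ("risky", RISKY_KEY)):
        print(name, audit_key(key) or "ok")
```

Run the audit right after creating the key and again periodically, since permissions can be changed later from the account's API management page.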