API cheating. How can a trader steal money directly from your cryptocurrency exchange account?

My readers often ask, how safe is trust management by API keys? Can a trader with whom you have agreed on trust management steal your money if it does not leave your account and the rights of the trader are set up only for trading?

Alas, maybe. And in several ways.

And in order not to become a victim of such a scammer, you need to understand what to fear.

First, consider the most obvious.

Omnidirectional transactions.

A trader takes trust with several people and opens opposite positions with maximum volumes. For example, on the account of Vladimir, he opened 100,000 contracts for the growth of Bitcoin, and on the account of Peter the same amount for the fall. Thus, he is guaranteed to make a profit on one of the accounts and withdraw his remuneration (as a rule, the profit between the trader and investor is distributed 50:50).

The rest will say – alas, this is the market. Not lucky, it happens.

One of the investors this time will also receive a high profit, and most likely will bring more money to the management. But next time he will be less fortunate. Since with such a scheme, one of the accounts produces very high profits in a short period of time (after all, if on one account liquidation is done, then on an open account in the opposite direction, it is almost double), then the profitable account is used to demonstrate and attract new investors.

If a trader does not show his positions immediately after opening, but only demonstrates when he closes, or when they are already in a big plus, while the trading history is only for a short period, this is the first sign of such a scheme.

Theft of funds from the investor's account through the purchase of low liquid assets.

With proper preliminary preparation, this can be done through top altcoins. The mechanism is simple – the trader buys some assets at an abnormally high price, or sells at an abnormally low price. The second side of the transaction is his affiliate account.

The result is a transfer of investor funds to an account controlled by a trader.

A sign of the scheme is that losses occur as a result of one or two transactions, the price of transactions differs from the market, low-liquid coins from the backyard of coinmarketcap are used,

Opening a large number of transactions.

Opening a large number of transactions, often in different directions for correlating assets, followed by fixing only positive transactions.

For example, buying Bitcoin and selling Ether. In any scenario, one of the deals is a plus, its trader closes and takes his share of the profit. A losing trade remains in the account. This is repeated many times, then the account can no longer withstand losses and liquidation occurs.

A sign of such a scheme is that there are many transactions in the account that have been open for a long time, and the trader requires profit distribution after each positive transaction.

Fundraising through an affiliate program.

A trader constantly opens and closes trades, with a minimum profit or zero. Before starting trading, he asks for a new registration on the exchange at his link, citing it with a discount on the commission or a promise to return part of the commission.

At the same time, he receives remuneration for the volumes traded on your account on his account. Often such a scheme is combined with option 3. Funds from your account in the form of a commission are slowly transferred to the account from the link from which you registered.

A sign of such a scheme is a lot of transactions that open and close quickly, in the footstep or with a slight plus, the economic meaning of which you do not understand.

How not to get hooked by a scammer?

Specify what assets a trader can trade, the size of the risk per transaction, establish that the distribution of profit occurs only when all positions are closed.

But it should be understood that there is no mechanism to prohibit all this from being done in automatic mode, and you will not have the opportunity to keep track of the account 24/7 in the hope of timely disconnecting API keys.

Therefore, we return to the most important issue that I raised in an article on my channel deciding to give money to a trader in trust, 100% make sure that he is able to trade profitably over a long time period. If there is even the slightest doubt, let him provide additional evidence of his successful trading and dispel them. If you don’t want to, just don’t give him money.

Because only a successful trading trader is interested in long-term cooperation and depositing your funds. Those who do not trade, but temporarily got the opportunity to manage your money, have only one interest – to steal them completely or at least partially.

Be careful and careful not to give scammers such an opportunity. Better yet, learn to trade yourself. And then your non-market risks will be minimized.

Posted by Pavel Gromov, author of the Crypt Chief channel: https://telegra.ph/Doveritelnoe-upravlenie-07-11

Publication date 10/22/2019
Share this material on social networks and leave your opinion in the comments below.