The structural argument
The largest single failure mode in any custodial-adjacent crypto product is unauthorised withdrawal. We solve this by structurally not having the capability:
- The bot's code does not contain any withdrawal-related calls.
- The order-signing service does not have IAM permission to call Binance's withdrawal endpoint, even on a key that is mistakenly granted that scope.
- The dashboard refuses to enable trading on a key with the withdrawal scope set.
This is not a configuration choice that could be flipped on. It is the absence of the capability altogether.
Why this matters more than encryption
Encryption (covered in 'How we protect API keys') protects the key from theft. But even with perfect encryption, a compromised infrastructure with withdrawal capability is a different class of risk than one without. The risk math is asymmetric: if we have the capability, a compromise drains the customer; if we do not have the capability, a compromise costs the customer at most some unwanted trades, capped by the per-position size and the stop loss.
Removing the withdrawal capability does not just reduce the probability of catastrophic loss β it reduces the maximum possible loss to a structural floor. That is a meaningfully different security posture.
What this means in practice
Your funds remain on your Binance account. You see them in your Binance balance, you control them via Binance, and you withdraw them to your own wallet whenever you decide to. The bot manages spot positions; the bot does not custody, transfer, or otherwise move your assets off Binance.
If you decide to leave HalalCrypto, the bot disconnects (or you delete the API key), and your assets are exactly where they were β in your Binance account, in your custody.
The flip side
This structural choice limits some features that custodial products offer (consolidated dashboards across multiple exchanges, automatic rebalancing across non-custodial wallets, etc.). We accept that limitation as the price of the security guarantee. It is a tradeoff we have made consciously and would make again.