Killed my account about binance-trading-bot-new-coins HOT 13 OPEN

I just found this repo and looks interesting and I was going through issues found this one. Hey @CyberPunkMetalHead i think we can add something like Maximum used amount / slack notification for trade details after every X minutes? Let me know if we can do this, i can also contribute into this project if i add slack notification, but adding realtime notification like slack/telegram would be a great thing in such a scenario.

from binance-trading-bot-new-coins.

This is most likely a lie. There’s nowhere near that volume of new coins added to Binance, and even if it were, you chose to use this in live mode at your own risk.

from binance-trading-bot-new-coins.

This is a lie ? You have nothing else to say you bitch ? Of course I did it at my own risk, but dont say it is a lie for god sake

from binance-trading-bot-new-coins.

Im not here to discredit your project or anything I know destiny decided to fuck me up and I accept it. Just, at least, include better security measures in your code, better test, better control. All im asking for, for futur users

from binance-trading-bot-new-coins.

The event you’re describing is highly atypical for the algorithm, which made me question The validity of your claim.

If there's nothing else I will close this issue.

from binance-trading-bot-new-coins.

If this is a real issue, please provide evidence as well as a full error log so that I can see exactly what went wrong.

from binance-trading-bot-new-coins.

Only evidence I have is the last 193 pages of my trading history on Binance, cant bring further infos as I destroyed the VPS already.
I remember my config file thought : All TSL/TTP and SL/TP to 0, Enabling Trailing at False, usdt pairing, 100 in quantity

My history shows many trades where done on random crypto, in usdt, bnb, and russian roubles.
My 3 dialogs with the support confirmed me that it all came from the API key I used for the listing bot

So obviously here, the bot started trading outside the boundaries of new listed coins. Given the fact that its doing a comparison between the actual and last list of coin in memory this is not impossible...

Thats all I can and will say about it, im done with trading now, long journey of redemption await.

from binance-trading-bot-new-coins.

So the guy got his VPS hacked, destroyed the VPS and all the evidence and now it's blaming an open-source software for burning his funds using the API he created and didn't secure?

Have you even checked the code @BastG57 ?

How was your VPS set up? What about your VPS security? What about your API key security?

Did you had SSH port opened to the public? Are you using SSH keys and blocking password login?

Do you VPS even have a public IP access? Are you using a VPN to secure connect into your VPS instead of exposing it to the world together with your API keys?

You didn't had to destroy the VPS. Just stopped the bot from running would suffice so you could run a more deep analysis of the security problem instead of just calling Binance and assuming the problem is this bot and it's code instead of your lack of security on your own VPS. Just because the trades were made with the configured API key that doesn't mean the bot made the trades, specially if you check the code that is open-source exactly for this very same reason.

No disrespect, but what a joke!

Sorry for jumping on @CyberPunkMetalHead - thanks for all your efforts, your code and specially for making them open-source and to be transparent about it. Really appreciate it.

from binance-trading-bot-new-coins.

So the guy got his VPS hacked, destroyed the VPS and all the evidence and now it's blaming an open-source software for burning his funds using the API he created and didn't secure?

Have you even checked the code @BastG57 ?

How was your VPS set up? What about your VPS security? What about your API key security?

Did you had SSH port opened to the public? Are you using SSH keys and blocking password login?

Do you VPS even have a public IP access? Are you using a VPN to secure connect into your VPS instead of exposing it to the world together with your API keys?

You didn't had to destroy the VPS. Just stopped the bot from running would suffice so you could run a more deep analysis of the security problem instead of just calling Binance and assuming the problem is this bot and it's code instead of your lack of security on your own VPS. Just because the trades were made with the configured API key that doesn't mean the bot made the trades, specially if you check the code that is open-source exactly for this very same reason.

No disrespect, but what a joke!

Sorry for jumping on @CyberPunkMetalHead - thanks for all your efforts, your code and specially for making them open-source and to be transparent about it. Really appreciate it.

Bro is it must to login binance on chrome if we want the bot to take trades?

from binance-trading-bot-new-coins.

So the guy got his VPS hacked, destroyed the VPS and all the evidence and now it's blaming an open-source software for burning his funds using the API he created and didn't secure?

Have you even checked the code @BastG57 ?

How was your VPS set up? What about your VPS security? What about your API key security?

Did you had SSH port opened to the public? Are you using SSH keys and blocking password login?

Do you VPS even have a public IP access? Are you using a VPN to secure connect into your VPS instead of exposing it to the world together with your API keys?

You didn't had to destroy the VPS. Just stopped the bot from running would suffice so you could run a more deep analysis of the security problem instead of just calling Binance and assuming the problem is this bot and it's code instead of your lack of security on your own VPS. Just because the trades were made with the configured API key that doesn't mean the bot made the trades, specially if you check the code that is open-source exactly for this very same reason.

No disrespect, but what a joke!

Sorry for jumping on @CyberPunkMetalHead - thanks for all your efforts, your code and specially for making them open-source and to be transparent about it. Really appreciate it.

Meh bro if you dont want to trust me it is your problem, I just hope for you that it is not going to happen to your account
Like I said I know I messed up by trusting and executing a bot on my account with all my money on it. (But who could have guess, Ive done this for years and no problem so far)

It was a VPS from VULTR.com which is a top security vps service, running through secure shell with rsa 4096bits. It is 100% sure it is not a "hack", what kind of hacker would just empty an account without stealing anything and disappearing like a ghost lol.

Now that Ive digested it, ill try to explain it a bit more
The day it happened, it was on the listing of AGLD on binance, I started the bot about an hour before the listing, got my class lesson, then got back at home at midday 4 hours after. I logged to my binance account to see if it had worked (wanted to see at what price the bot had bought it), and then realize I had almost no money left on my account. Completely panicked, I thought I just got phished, and I blocked my account a few minutes laters in a desperate move.
I then destroyed the VPS to stop the unnecessary depense (running a vps on their service cost money by running time), then started to struggle with binance support
I realized only many hours later after discussing with the support, that their was no withdrawal history and that the funds couldnt have been stolen. The timestamp of the many trades that were done corresponded exactly to the moment the bot was running and the support confirmed me that it was coming from the API I used for the bot.

So yea, this is life. Protect youself

from binance-trading-bot-new-coins.

You don't trust the bot you're running (you're claiming the bot lost your funds when the hacking theory is easily proved by simple looking at your Binance Transaction Log - purchase high, sell low - there was somebody making these orders and waiting for the sells on the other side with that exact price match) - this is the worst for me because you're accusing the bot developer of writing and sharing a code that is support to loose (to say the least) the funds of all of it users... when the code is open source and you can audit it yourself and anyone can do it for that matter.

You also prefer to trust the internet by exposing your server and API keys to the public. The fact that the transactions came from the same API and even from the same IP Address doesn't mean it was the bot. Specially if you check the open source code that is available here on Github. The code doesn't do what's in your Binance Log. If you review it, you will see it and understand what you're claiming/thinking is not even possible with the current code.

You can't talk about trust here. You're horrible at it.

I work with IT security and from the evidence here in this issue, anyone with IT security 101 skills, can say with 99% certainty that your server got hacked/invade and/or your API keys got compromised.

Please, don't take me wrong, that's very sad and I feel you pain. Wish you the best in recovering/rebuilding your portfolio again.

But don't come here accusing the open source software written and shared by Andrei @CyberPunkMetalHead and telling everyone the software is not secure when you have no idea what you're talking about.

Your issue has nothing do to with this bot but with your lack of expertise in setting up your server and Binance API Keys to keep them secure and protected from hackers.

You could create this issue talking about how you've lost your funds in any other bot available here on Github, just as a warning to other users to take their server/keys security extremely serious, because that's what everyone should do.

But again, this is no bot fault.

Sorry @CyberPunkMetalHead - these things really get the worst in me.

from binance-trading-bot-new-coins.

Blood ridiculous these accusations. You installed an experimental bot that's still under development and now blame it that it cleaned out your account? Dude, welcome to the real world! If you turn on a bot that's experimental you need to be prepared to lose the entire account. Who in their right mind would put more than a few thousand bucks at risk?

from binance-trading-bot-new-coins.

for futur users : only use bots with a limited amount on your account.
Question is : was your transactions executed by @CyberPunkMetalHead's bot ?
And help improve it with security

from binance-trading-bot-new-coins.