Topic: CI Bitcoin Trading Robot (Read 1565 times)

Ok I won't even begin to try to explain to you the legal liabilities inherent in writing a trading bot and selling it.  It should be obvious that you will end up in a huge tank of hotwater if you make even a tiny little mistake.  Don't believe me?  Go find my ATP thread where we discovered a week into trading that although everything looked good when the market was moving a slight oversight (dividing a float into an int) was actually costing people money.  I'm really, really lucky I (as Isis) had the support of a community who were willing to take a loss to test a bot.  Still people were pissed and I won't lie there were some nastygrams (nicely worded nastygrams, but nastygrams nonetheless).

If bitcoin had been a real currency at that time (I think it was worth < $10), I highly doubt I would be here explaining the lesson I learned to you.
Still that was the best way to develop it.  Open source it, release it to the community.  Test your algorithms on yourself.  If you don't have the funds to test it on yourself then find a business partner who is willing to take the risk and thus reap the reward.  Use their funds.  Not ours, thanks!

I'm very proud of the fact that even though I haven't touched my ATP bot in 2 years that a whole community has grown around it and taken it places I never imagined.
That was only possible because I opened the source from the beginning.

Point of fact, this is not an easy business to be in.  If you don't have at least some skill as a programmer, mathematician and day trader in your own right, you're going to take massive losses.

I've programmed trading systems for the likes of JP Morgan and I still make occasional mistakes that nearly wipe me out. 
There's always something going on you didn't forsee.

I applaud you for trying, but please until you have real experience or feel you have something innovative to contribute, play with your own money.
If you truly think you've innovated something, then share the code with the community.  No one is going to steal your super secret codez.  Very few people would even know how to compile and run it, but they can probably help you vet your algorithms by explaining things you never considered.  But that's only possible if you share them.

 

Give them your precious binaries? 

Or better: let the bot trade for yourself. Or offer them a partnership in a way, that you would trade their money.

To all who have written to the topic,

I'm currently working on a "trade robot", too. My primary aim is to make profit by having the code trade for myself, but I want to commercialise the project later and do what OP does. So, do you think that there is way of offering such a service without taking their API keys? Sorry, but I cannot give my precious source code.

A GMAIL account for contact info? Seriously? I dont even trust Mint.com using an API, why would I trust you guys.

The PBKDF2 is used to hashing passwords.

Just now you are hashing?  Let me guess MD5?  No salts/peppers?

Anyway you have a great idea!  Invite a bunch of people to test your insecure service.  Experience a security problem, then have them bad mouth your service before you've even launched because you want to focus on your algorithm.

This smells like a scam to me.  You don't need users to test your trading algorithms.  That's the benefit of automation and the whole point of a bot.

Certainly the user security is our priority. User passwords are hashing now. As we worte above in commercial version we will implement SSL and other security improvements.
In test version we would like to focus on trading algorithm of the robot. We asume that users understands all risks and will use their test accounts.

Wow.  As someone who does website design SSL implementation is easy and should be a priority for this type of site.  If you don't have enough "resources" to do about 4 hours of work, then you're in trouble.

Secondly, what would an attacker steal that is valuable?  Crikey.  What world do you live in?  First off, it would crush your "business".  Secondly there are lazy users that reuse account names and passwords which could lead them to major theft on other sites, but then it appears you don't really care about their security anyway.  Based on that I have to assume your database is probably not even hashed or secured properly.

Lastly if someone steals your API keys they could sell off everything you have in your account just to drive prices down for their own amusement and possibly profit.

Thank you for reply.
We understand and share your worry about security. In future if this bot will run as a commercial project we will do more efforts to improve the security and of course will add SSL. But now during the testing we don't have enough resources.
Although currently even if the site will be attacked we don't see what an attacker would steal valuable. In the register form we ask only user name and password for your cibitcoin.com account. Btc-e API keys does not allow to steal your funds. They are only to get btc-e trade information and to place orders.

Umm you don't even have SSL on your site???  Even your sign up and login pages?
That worries me perhaps even more than the fact that you're hosting a bot and asking for API keys.

That would make me extremely nervous.  A hosted bot with account API keys is just begging to have all of your funds stolen.  I'm not accusing you of being a dishonest person, but regardless of if you were to walk away with it, or an attacker compromised your site the fact is this could easily end very badly.
I advise everyone to avoid this at all costs.

If you want to test your bot, please post the source code and disclose the risks.

New simple BTC-e robot is available at http://cibitcoinbot.com.

You do not need to download any software. Just create an account, provide your BTC-e API keys in Settings and start trading.

The bot operates in test mode now and you can use for free.

We would be happy to get your feedback about this bot.