API fraud. How can I steal money directly from your account?

Author's article by Pavel Gromov, trader and author of the telegram channel "Chief in Crypto".

Readersoften ask the question, how safe is trading with the API and is it possible to lose money when working with a trader through an API key?
The money is in the investor's account, which givesgives him a feeling of security and emotional comfort. He is not worried that he transferred money to an unknown person and believes that he can stop trading at any time by deleting the API key, which is why he is calm, relaxed and often does not take a very responsible approach to choosing a trader. This is exactly what scammers take advantage of. Argument"Your money remains with you, and I only trade"a scammer can lull his vigilance, and soon a failed crypto investor will be able to talk about his money only in the past tense.

In margin trading, these schemes are especially popular and effective, the more leverage, the better they work.

 

The main ways to lose money in API trading</p>

Method number 1: Investor error when setting the rights of the API key.

If an investor unknowingly ticks the box next to “Deposit” or “Withdraw funds”, then his “Remote Control by API” will be completed very quickly. Rights should be set only for opening and closing orders.

Method number 2: Draining funds to another account through the purchase of low liquid assets (shitcoins).

A coin will be bought for your money,the name of which you have not heard before - from the backyard of coinmarketcap. The seller of the coin will be another account of your trader. Under certain circumstances, this can be done on highly liquid coins, but it will be more difficult, since it requires a high fraudulent qualification and a non-standard approach. The fiasco insurance for this item is a clear agreement with the trader about what assets he can trade. Best of all, only Bitcoin and Ether. But remember that there is no mechanism to technically prohibit trading in everything else. Therefore, the trader, if there is intent, can still do it and thus withdraw money from the API account.

Method number 3: multidirectional transactions.

The trader takes 2 accounts in the remote control by API. Maybe more. 2 - this is the minimum necessary for the circuit. On one, he buys Bitcoin, on the other he sells, all this makes it as large as possible. On a profit account, the pseudo-trader closes the transaction and requires his reward. At a loss account, it continues to trade until the market reverses or the deposit is drained. It is easy to guess that with a strong trend on one of the accounts there will be great success, and he will receive a huge reward, but on the other account there will be a drain. He will use a successful account to attract other investors and repeat the scheme. Only the injured investor will know about the second account. Which account will your funds be in? 50:50 if there are two bills. With such a probability of success, anyone who has been taught to press buttons can trade. Why give someone money if you yourself can do it? In this case, if successful, no one claims 50% of the profit. The method of dealing with such a scam is a preliminary study of the trading style of the trader and 100% confidence that he can trade profitably. This is a must and most important point for any form of remote control.

Method number 4: Closing profitable transactions and increasing losses.

A trader opens many trades, some of themwill be in the black. He closes them and demands his share of the profits. Repeats the operation until the loss-making transactions lead to the liquidation of the account. The method of struggle is to stipulate that profit is distributed only if all transactions are closed, or if open transactions are in positive territory.

These are, perhaps, purely criminal ways "likerobbing the investor when trading on the API ”, but the same result can be obtained with any other trader who simply merges the deposit or a significant part of it. He will not steal your money, but simply give it to the market. The most important condition for a successful API remote control (and indeed any remote control) is to make sure that the trader is able to trade profitably over a long distance, and not only time, but also the number of transactions is important.
Understand his trading style, make sure thatthere are no excessive risks and an element of luck, look at the ratio of positive and negative transactions, inquire about the reason for the losses, listen to his comments and evaluate their persuasiveness.

A trader who can trade successfully is notwill steal your money, it is more profitable for him to multiply them. A trader who cannot trade, but only raises money, has no other intention than stealing funds in any convenient way. Do not consider all of the above arguments against working with the API. In no case. API keys are a more secure remote control method for an investor than transferring your crypto to a trader's account. If the funds have been transferred to the trader’s account, he don’t need to strain at all, he can complete this cooperation with you, change contacts and look for new “investors”. But also do not relax and think that the API is a guaranteed protection against loss of funds in case of malicious intent or low qualification of the trader. If a trader wants to steal your money, then the API will protect you only if the fraudster is not experienced and does not know how to do it.

Taking this opportunity, I would like to say hello and share information for beginner scammers who want to steal but don’t know how:

After one of my articles, I was inundated with offers to consult:"How to create an overflow through the API via Bitcoin to another account?"(sender's spelling). You should not offer me participation in future “profits” or immediate payment after receiving “secret knowledge,” at least until you learn to write correctly.

The cryptocurrency world is incomparable and unique, andtherefore take care of your assets, do not give them to scammers. Bitcoin is able to change your financial situation for the better even without your participation, it is quite simple to store it.

Best regards, Pavel Gromov! Author of the telegram channel “Chief of Crypto”.