Mantix
All lessons
Lesson 6 of 7 4 min readFree

API security: how your funds stay yours

After this lesson you'll understand exactly why a connected trading bot can't withdraw your money — and why this is enforced by the exchange, not by trust.

Your progress6 / 7
'But what if you get hacked?' is the most common question from new users. The answer is short: nothing happens to your money. And the reason is architectural, not promotional.

The core idea

An exchange API key has three permissions: read, trade, withdraw. Mantix only ever uses the trade permission.

When you create an API key, you choose which boxes to tick. We tell you to leave the 'withdraw' box unchecked. With that single click, the exchange itself blocks any withdrawal request signed by that key — including from us. We physically cannot move your funds off the exchange. This is enforced on the exchange's side, not ours.

How it actually works

  1. 1

    Read

    Lets the bot see your balance and order history. Required to know what's happening on your account.

  2. 2

    Trade

    Lets the bot place and cancel orders. Required to actually do its job.

  3. 3

    Withdraw — DISABLED

    Would let the holder of the key transfer funds out of the account. We instruct you to leave this OFF.

  4. 4

    IP whitelist (optional)

    You can additionally restrict the key so only Mantix's IPs can use it.

Why it works

It's the same model as giving a merchant the right to charge your card $50 — they can't drain your bank account.

Permission scoping has been a battle-tested pattern in software for decades. Exchanges implemented it precisely so traders could safely connect bots without losing custody. Your funds never leave the exchange.

The catch

Two things you must do: (1) make sure the 'withdraw' box stays unchecked when you create the key, and (2) keep the secret to yourself. The Mantix onboarding walks you through this step by step, and you can revoke the key from the exchange in one click at any time.

Mantix in action — last 7 days

Mantix security record

Active users

12,000+

Cumulative volume

$2.4B

Lost funds

$0

Custody

Always yours

Live chart preview — last 30 days

12,000+ users, $2.4B in trading volume, zero cases of fund loss across the entire history of the platform.

Try Mantix

Your keys, your custody, your money. Mantix only borrows the right to trade — nothing else.

Ready to put this to work?

Activate this strategy on your own account, or keep learning with the next lesson.

Try Mantix Lesson 7: Compounding

Keep learning

Lesson 7 · 5 min

The magic of compounding: why boring wins

Read
Lesson 2 · 7 min

How market makers print money (and why retail can't compete alone)

Read
Lesson 5 · 5 min

Why bots beat human traders (every single time)

Read
Back to all lessons