AlphaBox: A secure autonomous trading station
The full article was originally published by Alessandro Buser on Medium. Read the full article here.
This is the second episode in a series of Blog Posts introducing the suite of Technologies which comprise the AlphaProject, a foundation layer for the new era of Decentralized Financial services. Today I will introduce the AlphaBox: a little piece of Hardware which autonomously manages your digital assets.
In the last blog-post I introduced the AlphaNexT self-auditing ATS. Today I will continue the series and shed more light on the full scope of the AlphaProject by introducing the AlphaBox, a first of its kind smart-device which can buy and subsequently execute trading signals using the IOTA–Tangle for data transmissions and payments. The AlphaBox was designed and developed around the core principles of usability, security and with decentralized exchanges in mind.
A Plug-and-Play trading station
With the emergence of autonomous signal selling systems such as AlphaNext, there is a need for an infrastructure to receive, pay for and execute these signals. The 24/7 nature of most autonomous trading systems requires receivers of such signals to be online at all times, without the need for human interaction.
One option that comes to mind is to run the receiver on a virtual private server (VPS). However, usability is key for any device aimed at the retail market and setting up a VPS and running it securely is an endeavor that requires skills most people don’t possess. Furthermore, VPS can be rented on a subscription basis, meaning that there is a recurring cost for the use of the infrastructure. The plug-and-play AlphaBox fulfills the needs of retail customers: it is accessible to anyone, requires minimal set up effort and is by nature considerably cheaper than any VPS services.
Increasing security by maintaining full ownership of API and private keys
API keys, used to access the exchange account on which automated trading signals are executed are currently a security risk, because the Signal Buyers do not have full ownership of them. Particularly, to today’s API keys infrastructure creates a thread of “Pump attacks” — for lack of a better term. This kind of attack was first witnessed on the 3 of July 2018, when an attacker with access stolen Binance API Keys managed to use a large amount of Bitcoins on other users accounts to buy up the entire order-book of the Bitcoin/Syscoin pair. One order of a single token, placed beforehand by the attacker, was filled at a price of 96 BTC/SYS, roughly 336’687 times the price the token was trading at on the days prior. The attacker had therefore successfully transferred large amounts of BTC from other users accounts to his own.
For optimal security in the new world of decentralized financial services, the Signal Buyers need to maintain full ownership of their API keys. While today most exchanges allow users to generate API keys which can be used to execute trades, these do not allow to withdraw funds.This will change once decentralized exchanges reach sufficient maturity and liquidity to gain wider adoption. In such an ecosystem, where API keys will likely become private keys (see for example binance-chain),users will be very hesitant to provide their private keys to third parties to allow for the execution of automated trading signals.
Based on these points the design criteria for the AlphaBox are as follows:
- It needs to run 24/7 without need for human input
- It should be easy to set up and require limited oversight once running
- API/private keys are stored locally and are at no point sent over the internet
The IOTA-Tangle and devices with wallets
The IOTA Tangle is a new DLT built for the machine economy. The core features which make it a perfect fit for the use case at hand are: