Security — verifiable trust, not "trust us"
Cryptographic build identity, self-custody, exchange API key scope. The architectural choices that make Quantor structurally non- exploitative — and why "trust us" should never be the answer.
Other tags: Risk · Trading · Industry · All posts →
How we sign every prod deploy with Ed25519 — and why your bot doesn't
Most crypto-bot SaaS ask you to trust them. Quantor signs every prod deploy with an offline Ed25519 key and publishes the public key. Here is exactly how it works, what it catches, and how anyone with openssl can verify in 30 seconds.
Read article →Self-custody by construction — why your trading bot shouldn't hold your funds
Quantor never touches your funds. The exchange API key has trade-only scope, withdraw is forbidden by you on Binance directly, and even if our database leaked tomorrow nobody can move a satoshi. Here's the exact architecture, why most bots get this wrong, and what it costs us to do it this way.
Read article →