Security model

How your key is protected and what we do with it.

TL;DR. You import an EVM private key. The bot encrypts it at rest with Fernet, keeps the master key separate from the encrypted store, and signs your trades locally. Best practice: import a fresh trading-only wallet — never cold storage.

📥 PK import — how it works

The bot uses an EVM private key you provide to sign your alt.fun trades and USDC↔HYPE swaps. Local signing keeps latency low — there's no external service hop per trade.

The flow

  1. You tap Import private key in /wallet.
  2. Bot prompts you to paste a 64-hex EVM key.
  3. The bot validates the key, derives the EVM address, then immediately encrypts the key with Fernet (AES-128-CBC + HMAC-SHA256). The master encryption key lives in the server's environment, kept separate from the encrypted store.
  4. Only the ciphertext is written to data/wallets.json (file mode 0600, owner-only).
  5. Your chat message containing the PK is deleted immediately on receipt.
  6. At trade time: the ciphertext is decrypted in RAM, used to sign one transaction, then references are dropped.
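The storage claims in steps 3 and 4 can be checked from outside the bot. The script below is an added example, not the bot's own code: it verifies that a store file is owner-only and holds Fernet-shaped ciphertext rather than a raw 64-hex key. The layout of wallets.json is not documented on this page, so the check walks every string value; the function names and the `enc_key` field are hypothetical.

```python
import base64, json, os, re, stat

HEX_KEY = re.compile(r"^(0x)?[0-9a-fA-F]{64}$")  # shape of a raw EVM private key

def constructed_token():
    """Constructed sample with Fernet's layout (all-zero fields, not real ciphertext)."""
    raw = b"\x80" + bytes(8) + bytes(16) + bytes(48) + bytes(32)
    return base64.urlsafe_b64encode(raw).decode("ascii")

def is_fernet_token(s):
    """Structural check only: version byte 0x80, 8-byte timestamp, 16-byte IV,
    ciphertext in whole 16-byte AES blocks, 32-byte HMAC-SHA256 tag."""
    try:
        raw = base64.urlsafe_b64decode(s.encode("ascii"))
    except ValueError:  # covers bad padding and non-ASCII input
        return False
    return len(raw) >= 73 and raw[0] == 0x80 and (len(raw) - 57) % 16 == 0

def strings(node):
    """Yield every string value in a parsed JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from strings(value)

def audit_store(path):
    """Return a list of findings; an empty list means the file matches the claims."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        findings.append(f"mode {mode:04o} is accessible beyond the owner")
    with open(path, encoding="utf-8") as fh:
        values = list(strings(json.load(fh)))
    if any(HEX_KEY.match(v) for v in values):
        findings.append("plaintext-shaped 64-hex value in store")
    if not any(is_fernet_token(v) for v in values):
        findings.append("no Fernet-shaped ciphertext found")
    return findings

def write_store(path, doc, mode):
    """Demo helper: create the file with an explicit mode (assumed schema)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(doc, fh)
    os.chmod(path, mode)  # the umask may have narrowed the create mode
```

The token check is structural only: it cannot confirm the HMAC without the master key, so it shows that what sits on disk has Fernet's layout, not that it decrypts.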

Protection

  • Encrypted at rest. Industry-standard AES with authenticated encryption. Plaintext is never written to disk.
  • Never logged. Your private key is not written to any log file, debug trace, or error report.
  • Short lifetime in memory. The key is decrypted only at signing time and dropped immediately after.
  • Instant chat-message delete. The message you send containing the PK is removed from chat the moment it arrives.
  • Auditable activity log. Every signing event (approve · buy · sell · swap · fee) is recorded and viewable in /wallet → Activity log. Any event you didn't initiate is a red flag.
  • Auto-erase on export. If you export your key, the chat message self-destructs after 30 seconds.
  • Isolated keys. Each user's key is encrypted independently — no shared secret unlocks more than one wallet.

Recommended practice

  • Use a fresh wallet for trading. Generate a new EVM key. Don't import your main vault.
  • Fund only what you'd be okay losing. Top up as needed; sweep profits back to a cold address.
  • Audit the activity log. Every entry should match a button you tapped.
  • Rotate periodically. Delete the wallet here, move funds to a new fresh wallet, re-import.

What's logged

  • Your Telegram user id and the wallet addresses you use.
  • Every signing event: action type (approve / buy / sell / swap / fee), timestamp, tx hash, target wallet, success/failure.
  • Trade summaries (token, amount, status) for diagnostics.

Never logged: private keys, decryption keys, raw signed transactions, or anything that could lead to fund loss if the log were leaked.

Found something unclear or want more detail? Ping the altDesk community.