Non-Custodial Trading: Why HalalCrypto Never Holds Your Keys

Why HalalCrypto runs as a non-custodial service that trades on your connected exchange account — what custody means, the FTX-shaped reason it matters, and the exact API permissions we use.

By HalalCrypto Research Team

The collapse of FTX in 2022 cost retail investors an estimated $8B. The lesson wasn't complicated: when a company holds your funds, your funds depend on that company staying solvent, honest, and unhacked. Most platforms ignored that lesson and kept running the same model. We built HalalCrypto so we never have to ask you to trust us with your money.

This post explains what "non-custodial" actually means in our setup, why it matters for both safety and Shariah, and exactly which permissions our bot uses on your connected exchange account.

What custody means, in plain English

When a typical crypto platform says "deposit $1,000 to start trading," they mean send $1,000 to a wallet they control. From that point, you don't own the coins — you own an IOU. The exchange owes you the right to withdraw. If they go bankrupt, get hacked, freeze withdrawals, lose keys, or get sanctioned, your IOU is suddenly worth whatever the bankruptcy court eventually decides.

A non-custodial model never accepts your money. Your funds stay on your connected exchange account, in your name, behind your password and your 2FA. We connect to Binance via a read-and-trade API key that you generate, and we use it to open and close spot positions on your behalf. Your private keys, your withdrawals, your account credentials — we never see any of them.

Why this is the only model we'd ship

Three reasons, in order of importance.

Solvency risk doesn't apply to you. If HalalCrypto goes out of business tomorrow, your funds are unaffected. You revoke the API key in Binance and you carry on as if you had a regular Binance account, because that's all you ever had.

Withdrawal access is the single biggest attack vector — so we don't ask for it. Our API key permissions explicitly disable withdrawals. Even if our infrastructure were fully compromised by an attacker, they could not move your coins off Binance. They could place trades — which has its own cost, but is recoverable — but they could not steal.

It satisfies a Shariah concern about commingled funds. A custodial platform pools your money with everyone else's. That commingling can produce ambiguity over what you actually own, particularly when the platform is also lending out customer deposits to earn interest (a common silent practice). Non-custodial sidesteps that entirely — your coins are individually attributable to you at all times.

The exact permissions our bot uses

When you connect Binance during onboarding, you generate an API key with exactly two permissions enabled and one left explicitly disabled:

  • Enable Reading — so we can see your balances and the current price of pairs
  • Enable Spot & Margin Trading — limited to spot only on our end; margin is never used
  • (disabled) Enable Withdrawals — we never ask for this. If a tool asks you for withdrawal permissions, that's the moment to close the tab.

We also recommend (and walk you through, during onboarding) IP restriction: lock the API key to our outbound IP addresses so even a stolen key cannot be used from anywhere else. Binance supports this natively at the API key level.

Margin trading is enabled in the permission because Binance bundles "spot" and "margin" into the same toggle — there's no way to enable spot without enabling margin at the permission level. Our bot has its own hard-coded refusal at the order-routing layer: every order specifies a MARKET or LIMIT type against a spot symbol with no leverage. We do not call any margin endpoint. We do not call any futures endpoint. Ever.
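The two checks described above, an API-key permission review at onboarding and a spot-only guard at the order-routing layer, as an added illustration (this is not HalalCrypto's code). The permission field names and request paths are assumed from Binance's public API documentation (`GET /sapi/v1/account/apiRestrictions`, `/api/v3/order` for spot, `/sapi/v1/margin/order` for margin); the sample responses are constructed, not captured from a real account.

```python
"""Defensive checks a non-custodial bot can run against a Binance API key."""

# Constructed sample of an apiRestrictions response for a key set up the way
# the post describes: reading + spot trading on, withdrawals off, IP-locked.
SAMPLE_GOOD_KEY = {
    "ipRestrict": True,
    "enableReading": True,
    "enableSpotAndMarginTrading": True,
    "enableWithdrawals": False,
    "enableMargin": False,
    "enableFutures": False,
}

# Constructed sample of a key that must be refused at onboarding.
SAMPLE_BAD_KEY = {**SAMPLE_GOOD_KEY, "enableWithdrawals": True, "ipRestrict": False}


def key_findings(restrictions: dict) -> list[str]:
    """Return the reasons a key must be rejected (empty list == acceptable)."""
    findings = []
    if restrictions.get("enableWithdrawals"):
        findings.append("withdrawals enabled: key could move funds off the exchange")
    if not restrictions.get("ipRestrict"):
        findings.append("no IP restriction: a leaked key would work from anywhere")
    if not restrictions.get("enableReading"):
        findings.append("reading disabled: cannot see balances or prices")
    if not restrictions.get("enableSpotAndMarginTrading"):
        findings.append("trading disabled: cannot place spot orders")
    if restrictions.get("enableFutures"):
        findings.append("futures enabled: wider surface than spot-only needs")
    return findings


# Order-routing guard: the only request path the router is allowed to sign.
SPOT_ORDER_PATH = "/api/v3/order"  # Binance spot order endpoint (assumed)
ALLOWED_TYPES = {"MARKET", "LIMIT"}
# Parameters that only exist on margin/futures orders; their presence means
# the request is not a plain spot order, whatever the path says.
LEVERAGE_PARAMS = {"isIsolated", "sideEffectType", "leverage"}


def spot_only_order(path: str, params: dict) -> bool:
    """True only for a plain spot MARKET/LIMIT order with no leverage fields."""
    if path != SPOT_ORDER_PATH:  # rejects /sapi/v1/margin/*, /fapi/* and the rest
        return False
    if params.get("type") not in ALLOWED_TYPES:
        return False
    if LEVERAGE_PARAMS & set(params):
        return False
    return True
```

Running `key_findings` before the key is stored, and `spot_only_order` immediately before a request is signed, makes the withdrawal and margin refusals a property of the code rather than of operator discipline.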

What "spot-only" gives you on the Shariah side

Spot trading is the closest crypto analogue to a real-world hand-to-hand exchange — you pay, you receive, you own. Mainstream scholarly opinion treats spot crypto trading as analogous to currency or commodity exchange depending on the asset class, both of which are permissible when settled immediately.

The wrappers that surround spot are where most halal crypto setups quietly fail:

  • Margin — borrowing money to amplify a position; the loan is almost always interest-bearing
  • Perpetual futures — synthetic contracts that never settle; settlement gaps and funding rates create gharar and de facto riba
  • Lending markets — yield from depositors-lending-to-borrowers; classical riba
  • "Earn" / "stake" rebrands — many are lending programs in disguise

None of these are in the bot's surface area. We can't accidentally route into them, because the routing layer doesn't have the code paths.

What this means if you're new to crypto

If you're new to all of this and your first thought is "wait, my money stays on Binance?" — yes, exactly. You open a Binance account in your own country (or the nearest supported jurisdiction), you fund it the way you'd fund any exchange, you generate the API key, and you connect HalalCrypto to it. From that moment, the bot acts on your behalf, within the limits you've set, on coins from the halal allowlist, without ever being able to take a single coin off the platform or off your account.

If anything goes wrong with HalalCrypto — if you change your mind, if you don't like the results, if a competitor wins your business — you revoke one API key in your Binance security settings, and the relationship ends. There is no funds-on-hold period. There is no support ticket to wait on. You hold the keys.

What this is not

Non-custodial does not mean without risk. The market still moves. Trades still take losses. Binance itself can have outages, regulatory changes, or country-specific restrictions. Your own account can be compromised if you reuse passwords or skip 2FA. The bot can be wrong — past performance does not predict future performance, and we do not make return promises.

What non-custodial means is this: every risk that's on the table for you is one you control. None of them is "the company holding our money disappeared." That risk, the FTX risk, the BlockFi risk, the Celsius risk — we removed by design.
