
How your keys are kept safe

Your funds aren't safe because we promise they are. They're safe because the venues will not let us touch them, and our own architecture is built so that no one — not an attacker, not an engineer, not fxyz itself — can ever reconstruct your credential in one place.

fxyz's security model is built on a simple principle: never trust a single point of anything. Not a single store. Not a single permission. Not a single layer. Not a single person. Two independent fronts protect you, and either one of them, on its own, would already be enough.

The biggest promise comes first

fxyz cannot withdraw your funds. Even we cannot. The venues themselves refuse.

This is not a policy commitment we have to enforce. It is a property of the venues' own protocols. A withdrawal signed with the credential fxyz holds is not a supported operation: it is refused at the protocol level, by the exchanges themselves, in code that fxyz did not write and cannot influence:

  • On Hyperliquid, the credential fxyz holds is an "agent key" that the protocol restricts to trading. The HL contract simply refuses any withdrawal signed with it. Your main wallet, which fxyz never holds and never sees, is the only thing that can move funds. Period.
  • On Lighter, the L2 protocol routes any withdrawal back to your registered L1 owner address. There is no field on the wire to redirect it. The protocol itself sees to it that your funds can only go home to you.
  • On Backpack, fxyz's own client does not contain a withdraw operation. There is no code path inside the product that can move funds off your account. Backpack's withdrawal-address whitelist adds a venue-side seal on top.

To move your funds, an attacker wouldn't have to defeat fxyz. They'd have to defeat the venues' protocols themselves — which is to say, the trading infrastructure that holds billions of dollars across the industry. Good luck.

Vault-grade credential protection

Your credential is never held as a single readable value, anywhere. Not in a database. Not in a vault. Not in memory. Not in a backup. Anywhere.

Even though the credentials are trade-only and can't move funds, we treat them as if they could. The protection around the credential itself is layered to the point of being almost paranoid by design.

Multiple independent fortified systems must each be reached, simultaneously, before any single user's credential can be reconstructed. The work doesn't scale: defeating the protection for one user gives an attacker exactly zero of the others. There is no master list, anywhere, that maps users to credentials. Every user is a fresh problem, with fresh keys, in fresh systems, under fresh access controls.

The properties this gives you:

  • Per-user cryptographic isolation. No "lift one secret, get everyone." The math is hostile to that.
  • No single point of compromise. A breach of any one system, on its own, yields nothing usable. The pieces in any single store are meaningless without the others.
  • Tamper-evident, end-to-end. Authenticated encryption guarantees that any modification — anywhere along the chain — is detected and rejected, never silently accepted.
  • Uninformative storage layout. Nothing about how the credential is stored gives an attacker hints about what to look for or where.

The defense is multiplicative, not additive. Every layer multiplies the work required. Every system lives under its own access controls, monitored independently. There is no shortcut. There is no skeleton key. There is no engineer who can run a script and dump everyone's credentials, because no such ability is built into the system.
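The passage above describes properties (pieces in any one store are meaningless alone, per-user keys, tamper-evident storage) without publishing the mechanism. The following is an added illustration, not fxyz's code and not a description of its real scheme: it realizes those properties with an n-of-n XOR split across independent stores, per-user per-store HMAC keys derived from a user root key (the root key is assumed to live in yet another system, such as a KMS), and an HMAC tag over every stored piece so that a modified or wrongly-keyed piece is rejected rather than silently accepted. The HMAC stands in for the authenticated encryption the page mentions; the split alone already makes every stored piece uniformly random. All names, store layouts and sample values here are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed parameters for this illustration; fxyz's real scheme is not published on the page.
N_STORES = 3   # independent stores that must ALL be reached to rebuild one user's credential
TAG_LEN = 32   # HMAC-SHA256 tag appended to every stored piece


def _xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def derive_store_key(user_root_key: bytes, user_id: str, store_index: int) -> bytes:
    """Per-user, per-store MAC key. Using HMAC as a KDF is an assumption of this example.
    A different user or a different store index yields an unrelated key, so one user's
    key opens nothing belonging to another user."""
    info = f"{user_id}:store:{store_index}".encode()
    return hmac.new(user_root_key, info, hashlib.sha256).digest()


def split_credential(credential: bytes, n: int = N_STORES) -> list[bytes]:
    """n-of-n XOR split. Every piece but the last is fresh randomness; the last is the
    credential XORed with all of them. Any n-1 pieces together are uniformly random,
    so a breach of one store (or even n-1 stores) yields nothing usable."""
    pieces = [secrets.token_bytes(len(credential)) for _ in range(n - 1)]
    last = credential
    for p in pieces:
        last = _xor(last, p)
    return pieces + [last]


def seal(piece: bytes, key: bytes) -> bytes:
    """Tamper-evidence: append an HMAC over the piece under the store-specific key."""
    return piece + hmac.new(key, piece, hashlib.sha256).digest()


def open_sealed(blob: bytes, key: bytes) -> bytes:
    """Verify the tag in constant time. A modified or wrongly-keyed piece is rejected."""
    piece, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, piece, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("credential piece rejected: tag mismatch")
    return piece


def store_credential(credential: bytes, user_id: str, user_root_key: bytes, stores: list[dict]) -> None:
    """Write one sealed piece per store. 'stores' models N independent systems as dicts."""
    for i, piece in enumerate(split_credential(credential, len(stores))):
        stores[i][user_id] = seal(piece, derive_store_key(user_root_key, user_id, i))


def reconstruct_credential(user_id: str, user_root_key: bytes, stores: list[dict]) -> bytes:
    """Every store must be reached and every tag must verify before anything is returned."""
    result = None
    for i, store in enumerate(stores):
        piece = open_sealed(store[user_id], derive_store_key(user_root_key, user_id, i))
        result = piece if result is None else _xor(result, piece)
    return result


def can_reconstruct(user_id: str, user_root_key: bytes, stores: list[dict]) -> bool:
    """True only if all pieces exist, verify, and combine; False on tampering or wrong key."""
    try:
        reconstruct_credential(user_id, user_root_key, stores)
        return True
    except (ValueError, KeyError):
        return False


if __name__ == "__main__":
    # Constructed sample: two users, three stores, per-user root keys.
    stores = [{}, {}, {}]
    store_credential(bytes(range(32)), "alice", b"A" * 32, stores)
    store_credential(secrets.token_bytes(32), "bob", b"B" * 32, stores)
    print("alice ok:", can_reconstruct("alice", b"A" * 32, stores))
    print("alice key on bob's pieces:", can_reconstruct("bob", b"A" * 32, stores))
    blob = stores[1]["alice"]
    stores[1]["alice"] = bytes([blob[0] ^ 0x01]) + blob[1:]   # flip one bit in one store
    print("after tampering:", can_reconstruct("alice", b"A" * 32, stores))
```

The design choice worth noting is that the work does not aggregate: every piece in every store is keyed and split per user, so there is no table an attacker could lift to get "everyone", and a single store's contents are indistinguishable from random bytes whether or not its tags are intact.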

Per-user isolation, all the way down

Even running code is partitioned.

When you trade through fxyz, the strategy signing your order runs inside a private workspace scoped to your wallet and nothing else. Other users have their own workspaces. They cannot see your credential. They cannot list your files. They cannot place trades on your account. There is no shared "all-users" process that holds credentials in memory. There is no privileged path that can reach across.

The blast radius of anything that happens inside a workspace ends at that workspace's wall. Even a deliberately malicious bot — written by its own author or twisted by an attacker — is permanently scoped to its own user. The infrastructure does not allow it any other reach.

The strategy itself cannot betray you

The exchange clients exposed to strategy code deliberately omit fund-movement operations. There is no withdraw(). There is no transfer(). The functions simply do not exist in the surface available to your code. A strategy you wrote — or any strategy you forked, no matter who wrote it — has nothing to call. You cannot use what isn't there.

This is not a venue-only guarantee. It is enforced inside fxyz itself, in code, at the API surface. Both walls have to hold; both walls do.
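As an added illustration of an API surface that omits fund movement (example code, not fxyz's client; the venue SDK, method names and the guard are constructed for this example): the trade-only facade is built as an allowlist of forwarded trading calls, so there is no withdraw() or transfer() to find, and a small audit function checks any client class for fund-movement methods so a CI test fails the moment one appears. One caveat a practitioner should keep in mind: inside a single Python process a determined caller can still reach the wrapped object through introspection, which is why a surface like this is one wall and not the only one; the per-user workspace and the venue-side refusal described on the page are what make the guarantee hold regardless.

```python
import inspect
from typing import Any


class FullVenueClient:
    """Constructed stand-in for a venue SDK that can do everything, including move funds."""

    def place_order(self, symbol: str, side: str, qty: float) -> dict[str, Any]:
        return {"status": "placed", "symbol": symbol, "side": side, "qty": qty}

    def cancel_order(self, order_id: str) -> dict[str, Any]:
        return {"status": "cancelled", "order_id": order_id}

    def positions(self) -> list[dict[str, Any]]:
        return []

    def withdraw(self, asset: str, amount: float, address: str) -> dict[str, Any]:
        return {"status": "withdrawn"}   # never exposed to strategy code

    def transfer(self, asset: str, amount: float, to_account: str) -> dict[str, Any]:
        return {"status": "transferred"}  # never exposed to strategy code


class TradeOnlyClient:
    """The only object strategy code receives. Trading calls are forwarded one by one
    (allowlist); nothing else exists on this surface. The full client is held in a
    closure rather than an attribute so it does not show up in dir()/vars()."""

    __slots__ = ("place_order", "cancel_order", "positions")

    def __init__(self, full: FullVenueClient):
        self.place_order = lambda symbol, side, qty: full.place_order(symbol, side, qty)
        self.cancel_order = lambda order_id: full.cancel_order(order_id)
        self.positions = lambda: full.positions()


# Names that must never appear on a surface handed to strategy code (constructed list).
FUND_MOVEMENT_NAMES = {"withdraw", "transfer", "send", "payout"}


def fund_movement_methods(obj: Any) -> list[str]:
    """Audit a class or instance: public callables whose name is a fund-movement verb.
    Intended as a CI guard so the trade-only surface cannot grow one by accident."""
    names = set(dir(obj))
    if inspect.isclass(obj) and hasattr(obj, "__slots__"):
        names |= set(obj.__slots__)
    return sorted(n for n in names if not n.startswith("_") and n in FUND_MOVEMENT_NAMES)


def strategy_can_move_funds(client: Any) -> bool:
    """What a (possibly hostile) strategy could do with the object it was given."""
    return any(callable(getattr(client, n, None)) for n in FUND_MOVEMENT_NAMES)


if __name__ == "__main__":
    client = TradeOnlyClient(FullVenueClient())
    print(client.place_order("ETH", "buy", 1.0))
    print("full SDK exposes:", fund_movement_methods(FullVenueClient))
    print("trade-only exposes:", fund_movement_methods(TradeOnlyClient))
    print("strategy can move funds:", strategy_can_move_funds(client))
```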

In summary

  • fxyz can place trades for you. That's the design. Anything you build, fork, or run and tell to trade can trade.
  • fxyz can't move your funds. Not the platform, not a malicious bot, not a misbehaving strategy, not a leaked anything. The venues themselves see to that.
  • Your credential is fortified by multiple independent layers in multiple independent systems, isolated per user, with no master list and no shortcut. Industrial-strength by construction.

Your funds are safe at multiple, redundant, mutually-reinforcing levels. That redundancy is the point.

What's next

Funds stay on the exchange. fxyz can trade, never withdraw.