Security · 2026

Is it safe to use a Hyperliquid trading bot?

Short answer: yes, if the bot uses Hyperliquid's agent-wallet model and you understand which risks the agent wallet does not solve. The longer answer is the security architecture below — what an agent wallet is, what a Hyperliquid trading bot can and cannot do with one, how to revoke access in one click, and the failure modes that no custody model can protect you from.

The agent-wallet model in plain English

Hyperliquid has a protocol-level feature called agent wallets. The idea: a separate keypair that you authorize to place orders on your behalf, but whose permissions are restricted at the protocol level. The agent wallet's private key sits with the bot operator (or in your browser, depending on the architecture). Your main wallet stays under your sole control with full authority over your USDC.

When the bot wants to place a trade, it signs the order with the agent wallet's key. Hyperliquid validates the signature, checks that the agent has been authorized by your main wallet, and executes the trade against your account balance. The agent never touches the USDC directly — Hyperliquid moves the position into and out of your account based on the trade execution.

The critical property: agent wallets are barred from withdraw, spotTransfer, usdClassTransfer, and other money-movement operations at the protocol level. Even if the bot operator is malicious or their server is compromised, the worst they can do is place trades on your account. They cannot drain it.

What a Hyperliquid trading bot can and cannot do

An agent wallet CAN

  • Place perpetual futures orders (long, short, market, limit)
  • Set stop-loss and take-profit orders
  • Modify or cancel orders it placed
  • Adjust leverage on the positions it opens
  • Read your account state (balance, positions, fills)
  • Use builder-code routing for fees

An agent wallet CANNOT

  • Withdraw USDC to any external address
  • Transfer USDC to another Hyperliquid account
  • Move funds between Spot and Perps wallets
  • Cancel your manual orders (only its own)
  • Read your seed phrase, password, or passkey
  • Authorize new agent wallets on your behalf

The CANNOT side is the security guarantee. It is enforced by Hyperliquid's protocol logic — not by the bot operator's promise, not by an audit, not by a smart contract that could be exploited. The protocol simply rejects any non-trade transaction signed by an agent key.

How to revoke an agent wallet

You retain full control over which agent wallets are authorized on your account. Revoking takes 30 seconds:

  1. Open app.hyperliquid.xyz and connect your main wallet.
  2. Go to Subaccounts → Approved Builders / Agents (the exact UI label has shifted across versions).
  3. Find the agent wallet authorized for the bot (you'll recognize the address from when you set up the bot — it'll be tagged with the bot's name in some versions).
  4. Click Revoke. Sign the revocation transaction with your main wallet.

From the moment the revocation is confirmed (~1 second on Hyperliquid), the bot loses the ability to place new trades on your account. Existing positions remain — they're your positions, after all — and you can manage them manually or wait for the previously-placed stop-loss / take-profit orders to fill.

Tip: revoking an agent wallet does NOT close existing positions. If you're revoking because something feels wrong, manually flatten your positions first, THEN revoke. Otherwise the stop-losses on the books will execute as planned (which is usually what you want, but worth knowing).

The risks an agent wallet does not solve

The agent-wallet model protects you from one thing: a malicious or compromised bot operator stealing your funds. It does not protect you from these other risks, which are real and worth naming:

1. The bot makes losing trades

An AI evaluator that's wrong on a setup will lose your money — entirely within its permitted scope. This is the same risk as any human discretionary trader: bad analysis produces bad outcomes. The agent wallet doesn't filter for "good trades vs bad" — it just enforces "trades only, no withdrawals." Your defense here is the bot's risk management (atomic stop-losses, position sizing) and your own risk-per-trade configuration.

2. Cascading losses during high-volatility events

During flash crashes, exchange outages, or extreme funding-rate spikes, even well-placed stop-losses can fill at much worse prices than expected. The bot can't escape this — neither can you trading manually. Use lower leverage (3-10x range), don't deploy capital you can't afford to lose, and consider pausing the bot during scheduled high-impact news events (CPI, FOMC, large protocol unlocks).

3. Hyperliquid itself going down

Hyperliquid is a young chain. If the L1 halts, has a critical bug, or is taken offline for any reason, your positions and the bot are both frozen. Hyperliquid's history has been impressively stable, but it's not zero-risk infrastructure. This is the unavoidable cost of using on-chain perps over a centralized exchange.

4. Your main wallet's seed phrase or passkey getting compromised

If someone gets your main wallet's seed phrase (for traditional wallets) or your passkey (for embedded wallets), they have complete authority — they can withdraw your USDC, revoke the agent, or do anything else you can do. The bot doesn't extend this risk; it's just the standard "don't share your seed phrase" rule that applies to every crypto holder.

5. LLM model bugs or unexpected behavior

If the bot uses an AI evaluator (HyperPerps AI does — Kimi K2.6 by default), there's a small risk of model behavior outside the trained distribution producing weird trades. The defense here is: hard server-side floors that reject mis-oriented stop-losses, R:R below threshold, or position sizes outside the configured budget. Even a hallucinating model can't bypass these — they execute before the order reaches Hyperliquid.
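A sketch of the kind of pre-signing floor described above, as an added example rather than HyperPerps AI's or Hyperliquid's own code. The `Proposal` and `Limits` types, their field names, and the reading of "budget" as a maximum dollar loss at the stop are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Proposal:
    """Trade proposed by the model (hypothetical field names)."""
    side: str           # "long" or "short"
    entry: float        # intended entry price
    stop: float         # stop-loss price
    take_profit: float  # take-profit price
    size: float         # position size in units of the asset

@dataclass(frozen=True)
class Limits:
    """User-configured floors (hypothetical)."""
    min_rr: float        # minimum reward:risk ratio
    max_risk_usd: float  # maximum loss if the stop fills at its price

def check(p: Proposal, lim: Limits) -> list[str]:
    """Return every violated floor; an empty list means the order may be signed."""
    if p.side not in ("long", "short"):
        return ["unknown side"]
    # NaN compares False against everything, so a naive "risk > budget" test
    # would let a NaN stop through. Reject non-finite input before any math.
    fields = (p.entry, p.stop, p.take_profit, p.size)
    if not all(math.isfinite(x) and x > 0 for x in fields):
        return ["non-finite or non-positive field"]
    sign = 1 if p.side == "long" else -1
    risk = (p.entry - p.stop) * sign           # per-unit loss at the stop
    reward = (p.take_profit - p.entry) * sign  # per-unit gain at the target
    errors = []
    if risk <= 0:
        errors.append("stop on wrong side of entry")
    if reward <= 0:
        errors.append("take-profit on wrong side of entry")
    if risk > 0 and reward > 0 and reward / risk < lim.min_rr:
        errors.append("reward:risk below floor")
    if risk > 0 and risk * p.size > lim.max_risk_usd:
        errors.append("risk exceeds budget")
    return errors
```

The check is deny-by-default: the signing path should only be reachable when the returned list is empty, so a malformed model output fails closed instead of reaching the agent key.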

Custodial vs non-custodial: the actual difference

Most "trading bot" risk discussions blur the line between custodial and non-custodial. The distinction matters enormously:

| | Custodial bot | Non-custodial bot (agent wallet) |
|---|---|---|
| Where USDC sits | In the bot operator's wallet | In your Hyperliquid account |
| If operator goes rogue | They can drain your funds | They cannot withdraw — only trade |
| If operator gets hacked | Hackers can drain your funds | Hackers can place trades on your account; cannot withdraw |
| If operator goes bust | Your funds may be stuck in bankruptcy proceedings | Your funds are in your HL account; not affected |
| How to "leave" | Withdraw funds (operator must cooperate) | Revoke agent in 1 click; funds were always yours |

A bot that asks you to deposit USDC into "their" wallet first — under any framing — is custodial. The bot operator becomes the custodian; you're trusting them to be honest, solvent, and unhacked. Hyperliquid bots that use the agent-wallet model don't have that trust requirement. The distinction is the difference between trusting a person and trusting a protocol.

Try a non-custodial Hyperliquid bot

HyperPerps AI uses the agent-wallet model. Your USDC stays in your Hyperliquid account; we cannot touch it. Revoke in one click whenever you want.

Zero monthly cost · 0.02% builder fee per trade

Frequently asked questions

Has any Hyperliquid trading bot ever drained user funds?
Bots that use the proper agent-wallet model: no — by construction, they cannot. Bots using custodial models (deposit-to-our-wallet): there have been multiple incidents across the broader crypto-bot space where operators absconded with user funds. This is not a Hyperliquid-specific risk — it's the general risk of any custodial product, and it's exactly why agent wallets exist as a permissioned alternative.
What if the bot operator's server gets compromised?
With the agent-wallet model, the worst case is that an attacker can place trades on your account. They cannot withdraw your funds. The trades still go through Hyperliquid's normal execution and are subject to your configured risk limits — so even a compromised bot can't, for example, place a 100x naked long that liquidates your account in one move. You'd see the unauthorized activity in your event log and revoke the agent within minutes.
Can I run a Hyperliquid trading bot with a hardware wallet?
Yes — your main wallet can be a hardware wallet (Ledger, Trezor). The hardware wallet authorizes the agent wallet once during setup; from then on, the bot uses the agent wallet's key for all trades and never touches the hardware wallet again. Your USDC sits in your Hyperliquid account associated with the hardware wallet's address; the agent's restricted permissions still apply.
Is my Privy embedded wallet as safe as MetaMask?
Roughly equivalent for the use case of running a bot. Privy stores the embedded wallet's key in a secure enclave tied to your authentication method (passkey, email, OAuth). MetaMask stores it locally encrypted by your password. Both are reasonable; both have failure modes (lost passkey vs lost MetaMask seed). For larger account sizes, a hardware wallet authorizing the agent is the higher-security option regardless of which embedded model you start with.
If the bot stops responding, are my positions stuck?
No. Your positions and any stop-loss / take-profit orders the bot already placed sit on Hyperliquid's order book and execute regardless of whether the bot is running. The bot is responsible for opening new trades and adjusting existing ones — but the protective orders on the book are independent. If the bot disappears entirely, your existing position will close at its stop-loss or take-profit, whichever fills first.
What about smart contract risk?
Hyperliquid's bridge contract (where USDC enters and exits Hyperliquid) is the only smart contract in the trade flow. It's been audited and operating without incident at multi-billion-dollar scale. Beyond the bridge, Hyperliquid's L1 is not a smart-contract chain — order matching and risk happen in the protocol layer directly, not via user-deployable contracts. Smart contract risk is therefore comparatively low vs (e.g.) running a bot on a Solidity-based DEX.
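
For the compromised-server question above, one way to notice trades the bot never decided to make is to reconcile account fills against a ledger of the bot's own intended orders. This is an added example, not code from HyperPerps AI or Hyperliquid; the record layout, the `tag` field and all sample values are constructed for illustration and are not the exchange's schema.

```python
from collections import defaultdict

# Constructed ledger of orders the bot decided to place, keyed by its own tag.
INTENTS = {
    "bot-001": {"coin": "ETH", "side": "buy", "size": 0.5},
    "bot-002": {"coin": "BTC", "side": "sell", "size": 0.01},
}

# Constructed account fills, in the order they were reported.
FILLS = [
    {"tag": "bot-001", "coin": "ETH", "side": "buy", "size": 0.3},
    {"tag": "bot-001", "coin": "ETH", "side": "buy", "size": 0.2},
    {"tag": "bot-002", "coin": "BTC", "side": "sell", "size": 0.01},
    {"tag": None, "coin": "SOL", "side": "buy", "size": 40.0},         # untagged
    {"tag": "bot-002", "coin": "BTC", "side": "sell", "size": 0.05},   # overfill
    {"tag": "bot-001", "coin": "DOGE", "side": "buy", "size": 1000.0}, # tag reused
]

def unexplained_fills(fills, intents, eps=1e-9):
    """Return (index, reason) for each fill the intent ledger cannot account for."""
    filled = defaultdict(float)  # cumulative size already matched per tag
    findings = []
    for i, fill in enumerate(fills):
        want = intents.get(fill["tag"])
        if want is None:
            findings.append((i, "no matching intent"))
        elif (fill["coin"], fill["side"]) != (want["coin"], want["side"]):
            findings.append((i, "market or side differs from intent"))
        elif filled[fill["tag"]] + fill["size"] > want["size"] + eps:
            findings.append((i, "fills exceed intended size"))
        else:
            filled[fill["tag"]] += fill["size"]
    return findings

if __name__ == "__main__":
    for index, reason in unexplained_fills(FILLS, INTENTS):
        print(index, reason, FILLS[index])
```

The ledger and this check need to live somewhere other than the host holding the agent key, otherwise whoever controls that host can edit both. Trades you place manually will also be reported, since they have no bot intent behind them.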