AlphaBox: A secure autonomous trading station

Alessandro Buser
Feb 1 · 6 min read

This is the second episode in a series of Blog Posts introducing the suite of Technologies which comprise the AlphaProject, a foundation layer for the new era of Decentralized Financial services. Today I will introduce the AlphaBox: a little piece of Hardware which autonomously manages your digital assets.


In the last blog-post I introduced the AlphaNexT self-auditing ATS. Today I will continue the series and shed more light on the full scope of the AlphaProject by introducing the AlphaBox, a first of its kind smart-device which can buy and subsequently execute trading signals using the IOTA-Tangle for data transmissions and payments. The AlphaBox was designed and developed around the core principles of usability, security and with decentralized exchanges in mind.

A Plug-and-Play trading station

With the emergence of autonomous signal selling systems such as AlphaNext, there is a need for an infrastructure to receive, pay for and execute these signals. The 24/7 nature of most autonomous trading systems requires receivers of such signals to be online at all times, without the need for human interaction.

One option that comes to mind is to run the receiver on a virtual private server (VPS). However, usability is key for any device aimed at the retail market and setting up a VPS and running it securely is an endeavor that requires skills most people don’t possess. Furthermore, VPS can be rented on a subscription basis, meaning that there is a recurring cost for the use of the infrastructure. The plug-and-play AlphaBox fulfills the needs of retail customers: it is accessible to anyone, requires minimal set up effort and is by nature considerably cheaper than any VPS services.

Increasing security by maintaining full ownership of API and private keys

API keys, used to access the exchange account on which automated trading signals are executed are currently a security risk, because the Signal Buyers do not have full ownership of them. Particularly, to today’s API keys infrastructure creates a thread of “Pump attacks” — for lack of a better term. This kind of attack was first witnessed on the 3 of July 2018, when an attacker with access stolen Binance API Keys managed to use a large amount of Bitcoins on other users accounts to buy up the entire order-book of the Bitcoin/Syscoin pair. One order of a single token, placed beforehand by the attacker, was filled at a price of 96 BTC/SYS, roughly 336'687 times the price the token was trading at on the days prior. The attacker had therefore successfully transferred large amounts of BTC from other users accounts to his own.

For optimal security in the new world of decentralized financial services, the Signal Buyers need to maintain full ownership of their API keys. While today most exchanges allow users to generate API keys which can be used to execute trades, these do not allow to withdraw funds.This will change once decentralized exchanges reach sufficient maturity and liquidity to gain wider adoption. In such an ecosystem, where API keys will likely become private keys (see for example binance-chain),users will be very hesitant to provide their private keys to third parties to allow for the execution of automated trading signals.

Based on these points the design criteria for the AlphaBox are as follows:

  • It needs to run 24/7 without need for human input
  • It should be easy to set up and require limited oversight once running
  • API/private keys are stored locally and are at no point sent over the internet

The IOTA-Tangle and devices with wallets

The IOTA Tangle is a new DLT built for the machine economy. The core features which make it a perfect fit for the use case at hand are:

  • Feeless transfers of data over secure communication channels through the Masked-Authenticated-Messaging (“MAM”) protocol;
  • Feeless value transfers enabling micropayments and payment streams for real-time delivery-versus-payment;
  • Machine readable and tailored to low-power devices and IoT environments;
  • Permissionless access to the codebase, development tools and libraries;
  • Future capability of oracle-enabled smart contracts and outsourced computations.

While the IOTA technology has not yet reached full maturity, like most other DLTs, it can already be used for a large variety of use cases.

The AlphaBox uses IOTAs Masked-Authenticated-Messaging to receive the signals sent by the Seller, the AlphaBox can have full confidence that the received data has not been tampered with and originates from the intended source.

Once the signal is received a payment for the requested amount is made in IOTA Tokens, out of a wallet owned by the AlphaBox. This is done without having to pay a transaction fee, allowing for an arbitrarily small price range. You can send $0.00000001 and receive $0.00000001. The micropayments feature allows a trading strategy producing many signals a minute to sell each signal individually, charging a very small amount for each one.

It also allows Signal Sellers to adapt the price for their signals dynamically, meaning that the price for the signals can be increased as the strategy establishes a proven track-record of its performance (on-chain using PoROI). Buyers therefore have the freedom to choose to pay a higher price per signal, or to move to a cheaper, but less established signal.

The IOTA-Tangle, a beautiful Directed Acyclic Graph (DAG) of transactions confirming each-other

The Components of the AlphaBox

An AlphaBox running on the IOTA-ainnet and trading with real money
An AlphaBox running on the IOTA-ainnet and trading with real money
An AlphaBox running on IOTA-mainnet and trading with real money

In its current Proof-of-Concept form, the AlphaBox is a Raspberry Pi 4, running a Python implementation of the Buyer-Node and the only Exchange supported is Binance.

The goal for the coming months will be to find a cheaper hardware alternative and implement the node in a more efficient language such as Rust.

The AlphaBox can be run on an Ethernet connection removing the need for it to be connected to WiFi networks.

The IOTA Wallet can be exported from the Official Trinity Wallet using the SeedVault feature. The Wallet, the API Keys and access information to the MAM channel on which the signals are sent, are transferred to the Raspberry Pi using a USB stick.

This means that the end-user has to perform only 4 steps to set up an AlphaBox:

1. Export an IOTA wallet from Trinity

2. Export the API Keys from Binance

3. Get the access information to the MAM channel (provided by the seller)

4. Put everything on a USB stick and plug it into the Raspberry Pi

Upon power-up the software loads the data from the USB stick and sends a confirmation transaction on IOTA to verify that everything is working as intended. Once this is done, the USB stick can be removed and stored safely.

The AlphaBox runs as long as it has power and an internet connection. A built-in email system notifies the owner of executed trades or problems with the system. In the future it might even autonomously scan for new strategies and make recommendations to its owner.

The AlphaBox is currently being tested in a closed beta, the source-code will be open sourced once testing is completed and the design finalized.

If you are interested in joining the open beta please sign up to get notified when it starts at


The AlphaBox is a new powerful autonomous trading station. It receives and pays for Signals with the IOTA technology, a DLT perfectly equipped to be used by smart devices. The unique design of the AlphaBox makes it very easy to use and requires close to no oversight once running. The feature of holding the access keys to the exchanges locally make it compatible with the requirements of upcoming decentralized exchanges and is more secure when used with traditional exchanges.

Alessandro Buser

Written by

Developer, Analyst and Consultant working on the future of Financial Services

More From Medium

Related reads

Related reads


Alon Gal
Aug 1, 2018 · 4 min read


Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade