#poloniex clone app | Explore Tumblr Posts and Blogs

legit-scam-review · 6 years

Text

Six Tools Used by Hackers to Steal Cryptocurrency: How to Protect Wallets

In the early July, it was reported that Bleeping Computer detected suspicious activity targeted at defrauding 2.3 million Bitcoin wallets, which they found to be under threat of being hacked. The attackers used malware — known as “clipboard hijackers” — which operates in the clipboard and can potentially replace the copied wallet address with one of the attackers.

The threat of hacking attacks of this type has been predicted by Kaspersky Lab as early as November of last year, and they did not take long to become reality. For the time being, this is one of the most widespread types of attacks that is aimed at stealing users’ information or money, with the overall estimated share of attacks to individual accounts and wallets being about 20 percent of the total number of malware attacks. And there’s more. On July 12, Cointelegraph published Kaspersky Lab’s report, which stated that criminals were able to steal more than $9 million in Ethereum (ETH) through social engineering schemes over the past year.

Image source: Carbon Black

Briefly about the problem

The already mentioned Bleeping Computer portal, which works on improving computer literacy, writes about the importance of following at least some basic rules in order to ensure a sufficient level of protection:

“Most technical support problems lie not with the computer, but with the fact that the user does not know the ‘basic concepts’ that underlie all issues of computing. These concepts include hardware, files and folders, operating systems, internet and applications.”

The same point of view is shared by many cryptocurrency experts. One of them, Ouriel Ohayon — an investor and entrepreneur — places the emphasis on the personal responsibility of users in a dedicated Hackernoon blog:

“Yes, you are in control of your own assets, but the price to pay is that you are in charge of your own security. And since most people are not security experts, they are very much often exposed — without knowing. I am always amazed to see around me how many people, even tech savvy ones, don’t take basic security measures.”

According to Lex Sokolin — the fintech strategy director at Autonomous Research — every year, thousands of people become victims of cloned sites and ordinary phishing, voluntarily sending fraudsters $200 million in cryptocurrency, which is never returned.

What could that tell us? Hackers that are attacking crypto wallets use the main vulnerability in the system — human inattention and arrogance. Let’s see how they do it, and how one can protect their funds.

250 million potential victims

A study conducted by the American company Foley & Lardner showed that 71 percent of large cryptocurrency traders and investors attribute theft of cryptocurrency to the strongest risk that negatively affects the market. 31 percent of respondents rate the hackers’ activity threat to the global cryptocurrency industry as very high.

Image source: Foley & Lardner

Experts from Hackernoon analyzed the data about hacking attacks for 2017, which can be conditionally divided into three large segments:

– Attacks on the blockchains, cryptocurrency exchanges and ICOs;

– Distribution of software for hidden mining;

– Attacks directed at users’ wallets.

Surprisingly, the article “Smart hacking tricks” that was published by Hackernoon didn’t appear to get wide popularity and warnings that seem to be obvious for an ordinary cryptocurrency user must be repeated again and again, as the number of cryptocurrency holders is expected to reach 200 million by 2024, according to RT.

According to research conducted by ING Bank NV and Ipsos — which did not consider East Asia in the study — about nine percent of Europeans and eight percent of U.S. residents own cryptocurrencies, with 25 percent of the population planning to buy digital assets in the near future. Thus, almost a quarter of a billion potential victims could soon fall into the field of hacking activity.

Apps on Google Play and the App Store

Tips e – Don’t get carried away with installing mobile applications without much need; -Add Two Factor Authorization-identification to all applications on the smartphone; -Be sure to check the links to applications on the official site of the project.

Victims of hacking are most often smartphone owners with Android operating system, which does not use Two Factor Authentication (2FA) — this requires not only a password and username, but also something that user has on them, i.e., a piece of information only they could know or have on hand immediately, such as a physical token. The thing is that Google Android’s open operating system makes it more open to viruses, and therefore less safe than the iPhone, according to Forbes. Hackers add applications on behalf of certain cryptocurrency resources to the Google Play Store. When the application is launched, the user enters sensitive data to access their accounts and thereby gives hackers access to it.

One of the most famous targets of a hacking attacks of this type were traders of the American cryptocurrency exchange Poloniex, which downloaded mobile applications posted by hackers on Google Play, pretending to be a mobile gateway for the popular crypto exchange. The Poloniex team didn’t develop applications for Android, and its site doesn’t have links to any mobile apps. According to Lukas Stefanko, a malware analyst at ESET, 5,500 traders had been affected by the malware before the software was removed from Google Play.

Users of iOS devices, in turn, more often download App Store applications with hidden miners. Apple was even forced to tighten the rules for admission of applications to its store in order to somehow suspend the distribution of such software. But this is a completely different story, the damage from which is incomparable with the hacking of wallets, since the miner only slows down the computer operation.

Bots in Slack

Tips: -Report Slack-bots to block them; -Ignore bots’ activity; -Protect the Slack-channel, for example, with Metacert or Webroot security bots, Avira antivirus software or even built-in Google Safe Browsing.

Since mid-2017, Slack bots aimed at stealing cryptocurrencies have become the scourge of the fastest-growing corporate messenger. More often, hackers create a bot that notifies users about problems with their cryptos. The goal is to force a person to click the link and enter a private key. With the same speed with which such bots appear, they are blocked by users. Even though the community usually reacts quickly and the hacker has to retire, the latter manages to make some money.

Image source: Steemit @sassal

The largest successful attack by hackers through Slack is considered to be the Enigma group hack. The attackers used Enigma’s name — which was hosting its presale round — to launch a Slack bot, and ended up defrauding a total of $500,000 in Ethereum from credulous users.

Add-ons for crypto trading

Tips -Use a separate browser for operations with cryptocurrencies; -Select an incognito mode; -Do not download any crypto add-ons; -Get a separate PC or smartphone just for crypto trading; -Download an antivirus and install network protection.

Internet browsers offer extensions to customize the user interface for more comfortable work with exchanges and wallets. And the issue is not even that add-ons read everything that you are typing while using the internet, but that extensions are developed on JavaScript, which makes them extremely vulnerable to hacking attacks. The reason is that, in recent times — with the popularity of Web 2.0, Ajax and rich internet applications — JavaScript and its attendant vulnerabilities have become highly prevalent in organizations, especially Indian ones. In addition, many extensions could be used for hidden mining, due to the user’s computing resources.

Authentication by SMS

Tips: -Turn off call forwarding to make an attacker’s access to your data impossible; -Give up 2FA via SMS when the password is sent in the text, and use a two-factor identification software solution.

Many users choose to use mobile authentication because they are used to doing it, and the smartphone is always on hand. Positive Technologies, a company that specializes in cybersecurity, has demonstrated how easy it is to intercept an SMS with a password confirmation, transmitted practically worldwide by the Signaling System 7 (SS7) protocol. Specialists were able to hijack the text messages using their own research tool, which exploits weaknesses in the cellular network to intercept text messages in transit. A demonstration was carried out using the example of Coinbase accounts, which shocked the users of the exchange. At a glance, this looks like a Coinbase vulnerability, but the real weakness is in the cellular system itself, Positive Technologies stated. This proved that any system can be accessed directly via SMS, even if 2FA is used.

Public Wi-Fi

Tips: -Never perform crypto transactions through public Wi-Fi, even if you are using a VPN; -Regularly update the firmware of your own router, as hardware manufacturers are constantly releasing updates aimed at protecting against key substitution.

Back in October last year, in the Wi-Fi Protected Access (WPA) protocol — which uses routers — an unrecoverable vulnerability was found. After carrying out an elementary KRACK attack (an attack with the reinstallation of the key) the user’s device reconnects to the same Wi-Fi network of hackers. All the information downloaded or sent through the network by a user is available to attackers, including the private keys from crypto wallets. This problem is especially urgent for public Wi-Fi networks at railway stations, airports, hotels and places where large groups of people visit.

Sites-clones and phishing

Tips: -Never interact with cryptocurrency-related sites without HTPPS protocol; -When using Chrome, customize the extension — for example, Cryptonite — which shows the addresses of submenus; -When receiving messages from any cryptocurrency-related resources, copy the link to the browser address field and compare it to the address of the original site; -If something seems suspicious, close the window and delete the letter from your inbox.

These good old hacking methods have been known since the “dotcom revolution,” but it seems that they are still working. In the first case, attackers create full copies of the original sites on domains that are off by just one letter. The goal of such a trick — including the substitution of the address in the browser address field — is to lure a user to the site-clone and force them to enter the account’s password or a secret key. In the second case, they send an email that — by design — identically copies the letters of the official project, but — in fact — aims to force you to click the link and enter your personal data. According to Chainalysis, scammers using this method have already stolen $225 million in cryptocurrency.

Cryptojacking, hidden mining and common sense

The good news is that hackers are gradually losing interest in brutal attacks on wallets because of the growing opposition of cryptocurrency services and the increasing level of literacy of users themselves. The focus of hackers is now on hidden mining.

According to McAfee Labs, in the first quarter of 2018, 2.9 million samples of virus software for hidden mining were registered worldwide. This is up by 625 percent more than in the last quarter of 2017. The method is called “cryptojacking” and it has fascinated hackers with its simplicity in such away that they massively took up its implementation, abandoning the traditional extortion programs.

The bad news is that the activity of hacking has not decrease in the least bit. Experts of the company Carbon Black — which works with cybersecurity — revealed that, as of July 2018, there are approximately 12,000 trading platforms on the dark web selling about 34,000 offers for hackers. The average price for malicious attack software sold on such a platform is about $224.

Picture source: Carbon Black

But how does it get on our computers? Let’s return to the news with which we started. On June 27, users began leaving comments on Malwarebytes forum about a program called All-Radio 4.27 Portable that was being unknowingly installed on their devices. The situation was complicated by the impossibility of its removal. Though, in its original form, this software seems to be an innocuous and popular content viewer, its version was modified by hackers to be a whole “suitcase” of unpleasant surprises.

Of course, the package contains a hidden miner, but it only slows down the computer. As for the program for monitoring the clipboard, that replaces the addresses when the user copies and pastes the password, and it has been collecting 2,343,286 Bitcoin wallets of potential victims. This is the first time when hackers demonstrated such a huge database of cryptocurrency owners — so far, such programs have contained a very limited set of addresses for substitution.

After replacing the data, the user voluntarily transfers funds to the attacker’s wallet address. The only way to protect the funds against this is by double-checking the entered address when visiting the website, which is not very pleasant, but reliable and could become a useful habit.

After questioning of victims of All-Radio 4.27 Portable, it was discovered that malicious software got on their computers as a result of unreasonable actions. As the experts from Malwarebytes and Bleeping Computer found out, people used cracks of licensed programs and games, as well as Windows activators like KMSpico, for example. Thus, hackers have chosen as victims those who consciously violated copyright and security rules.

Well-known expert on Mac malware Patrick Wardle often writes in his blog that many viruses addressed to ordinary users are infinitely stupid. It’s equally silly to become a victim of such hacking attacks. Therefore, in conclusion, we’d like to remind you of the advice from Bryan Wallace, Google Small Business Advisor:

“Encryption, anti-virus software, and multi-factor identification will only keep your assets safe to a point; they key is preventive measures and simple common sense.”

Recommended Read

Editors' Picks

BinBot Pro – Safest & Highly Recommended Binary Options Auto Trading Robot

Do you live in a country like USA or Canada where using automated trading systems is a problem? If you do then now we ...

User rating:

9.5

Demo & Pro Version Get It Now Hurry!

Read full review

The post Six Tools Used by Hackers to Steal Cryptocurrency: How to Protect Wallets appeared first on Legit or Scam.

Read more from → https://legit-scam.review/six-tools-used-by-hackers-to-steal-cryptocurrency-how-to-protect-wallets-4

0 notes

jonaswald · 2 years

Text

Does the Poloniex clone script benefit the entrepreneurs?

One of the popular crypto exchanges in the crypto-space is Poloniex, with a huge user base and high interaction among crypto enthusiasts. Seeing the rise in demand for crypto exchanges, many entrepreneurs started figuring out possible ways to recreate a crypto exchange on their own. Most of the results didn’t favor them. But, surprisingly they found the most effective way for establishing a crypto exchange like Poloniex, using the Poloniex clone script. Even after figuring out the most effective way, there remained a doubt does it actually helped entrepreneurs. Let’s bring an end to this,

High customization scope:

Using the Poloniex clone script, you can easily implement the necessary customizations for your crypto exchange. Apart from the pre-defined features, more security features can be integrated to enhance the exchange’s competency.

Quick Deployment:

Making use of this Poloniex clone script, the overall period for launching your crypto exchange reduces to the base level. Being a pre-coded one, after making required changes and customizations your crypto exchange will be ready for deployment with complete perfection.

Highly Affordable:

Apart from other benefits, the Poloniex clone script supports the majority of the budding entrepreneurs with its affordable budget. Instead of spending a whole lot of money with the other development methodologies, making use of this Poloniex clone script helps you save a huge portion of your budget.

High success Ratio:

As this Poloniex clone script is developed with a skillful team of experts, the script itself comes with a professional touch. With such a masterpiece you could possibly stand out from the crowd.

This is how the Poloniex clone script benefits the entrepreneurs, these are some of the direct benefits that could be explained. Other than this, there are much more benefits that could guide your crypto exchange business indirectly. Yes! Being an entrepreneur, this Poloniex clone script would excite you to a greater extent. Before initiating your business plan, ensure to have deep knowledge of the crypto exchange software providers. As they will be the sole responsible for uplifting your business to a greater extent.

Seeing the wide availability of the crypto exchange software providers, it seems to be a bit complicated task to pick a specified one. But, I’ve made this completely easy for you. After analyzing various crypto exchange software providers, one particular provider caught my attention with its extensive knowledge of this blockchain technology and crypto exchange projects ~ Coinsclone.

Instead of peeking through texts, have a look at their impressive portfolio now and that would define why I chose them over others.

#business #Poloniex clone script #Poloniex clone app #Poloniex clone software

0 notes

luxus4me · 7 years

Link

SitePoint http://j.mp/2roJNqL

This post was originally published on Medium and reposted here with the author’s permission. Why not head on over there and give them some ❤️?

This tutorial will walk you through the full process of building a bitcoin bot with PHP – from setup, on to your first execution of an automated trade, and beyond.

Cryptocurrencies

I should not need to tell you but, a couple of months ago you could buy the cryptocurrency Ether for $11, it rapidly went up to $43 (I bought in between those prices) and has now gone to over $335 as of June 2017. Those kinds of gains are nearly unbelievable to a traditional investor and yet these are across the board in this space. Excited yet? So here is a scenario:

You made a ton of money on cryptocurrencies and have some concerns about shuffling it through your bank because of potential capital gains tax issues. There are places that have a solution for you if you want to be able to use this money for other investments. These places won’t make you photograph your license and send it in, just use an email and they provide you with a BTC deposit wallet, demo accounts, APIs, then when you are ready, you send money in and it’s ‘go time’, you can trade everything from treasury bonds to Forex using Cryptocurrencies as your base monetary instrument.

But, you say, I am a coder who likes to automate things, surely we can fire up some BTCbot and we can have it just do the work for us, it will make us millions in our sleep, right?

Probably not.

My solution

I don’t want to write a bot and publish it with a single strategy and just say “here, use this”, I don’t think that is helpful to anyone, I would rather give you the tools and show you how to write strategies yourself, show you how to set up data collection for the strategies and how to implement them in a trading system and see the results.

Also, I don’t want to create this in a new or arcane language, I want this written in PHP which the biggest number of people are familiar with and in a framework (Laravel – here’s a great premium course for sale, and a bunch of free articles if you’re not familiar with it) that is simple to use but powerful enough to let you can create what you need. If you think PHP is just for web pages, read on, this should surprise you.

I like to build systems. I have been working on this post for a while and it represents a good deal of non-derivative custom work. If you have read some of my other tutorials you know that I like to write tutorials that “I wish that I had found instead of having to to write”, so you are in for a thorough read, with a lot of copy-paste style recipes.

Let’s get started.

Steps we are going to take:

Get boilerplate/framework installed.

Walk through the core parts of the system, see what is where.

Install and configure the software we need.

Account creation at the brokerages we will be using, setting up the API keys for the scripts.

Run tests and examples.

Set up websocket streams to get data.

Finding strategies for our automated agents.

Deep dive into Indicators and Candles available to us.

Coding up our first agent.

Testing the agent.

A few closing words about the risks you are taking.

Get boilerplate/framework installed (Bowhead)

You can find the repository for the Bowhead boilerplate at it’s Github repository. It’s a full application already, but we’ll be using its functionality to get the stuff in this post done.

It is recommended you use the extremely Laravel-friendly Homestead Improved Vagrant box for a good, isolated development environment you can get started with in under 5 minutes. If you’re unfamiliar with Vagrant, here’s an excellent re-introduction, and if you’d like to dig deeper, this premium book will teach you amazing things.

git clone http://j.mp/2rp7sam cd bowhead composer install cp .env-example .env sudo pecl install trader echo "extension=trader.so" | sudo tee /etc/php/7.1/mods-available/trader.ini sudo phpenmod trader

Now let’s explain the the current folder structure of the app.

app/Console/Commands/

This is where all our console commands are located.

BitfinexWebsocketCommand.php – Stream market data from Bitfinex

CoinbaseWebsocketCommand.php – Stream market data from GDAX

ExampleForexStrategyCommand.php – Forex example strategy

ExampleStrategyCommand.php – Our example of a strategy

ExampleUsageCommand.php – Basic usage examples

GetHistoricalCommand.php – Pull in historic data from broker

OandaStreamCommand.php – Stream market data from Oanda

app/Util/

Is where all the utility classes that are available are found.

Bitfinex.php – Bitfinex API wrapper

BrokersUtil.php – Utilities for various brokers

Candles.php – All 60 TALib candle methods wrapped

Coinbase.php – GDAX API wrapper

Console.php – Console color, tables and progress

Indicators.php – 21 TALib indicators and moving averages.

Oanda.php – Oanda API wrapper

OneBroker.php – 1Broker API wrapper

Other.php – possible indicators, not implemented yet

testStrategy.php – Here is your test strategy

Whaleclub.php – Whaleclub API wrapper

app/Scripts

Extras and some testing data, these scripts are SKLearn price forecasting scripts taken from a study on beer consumption I thought was really useful, these might be used for market price predictions.

close_prediction.py – SKLearn script to predict a closing price

ohlc-btc.csv – Sample CSV data, if needed

open_prediction.py – SKLearn script to predict an opening price – a python script in the root dir called ‘streaming.py’ which is part of the Oanda streaming command.

If you execute php artisan, you should see something like the following, the part you are interested in is below.

Redis and MySQL

Redis really does not need any tweaking out of the box, it’s installed and ready if you’re using Homestead Improved.

MySQL will need a database and a few tables. Change the credentials in the .env file (create it from .env.example if it doesn’t exist).

DB_CONNECTION=mysql DB_HOST=localhost DB_PORT=3306 DB_DATABASE=homestead DB_USERNAME=homestead DB_PASSWORD=secret

Let’s add the DB dump into MySQL:

mysql -u homestead -psecret < app\Script\DBdump.sql

Open up the database in a tool like Sequel Pro and you will the sample data in the bowhead_ohlc (open, high, low, close) table.

API accounts we need in order to set up automated trading

Full disclosure: Where possible, I have set up bonuses for you on these links, all sites below offer free accounts which do not require ‘verification’ and do not require a deposit. The links are referral links which also bring me some perks if you sign up.

1) Whaleclub is the main site we want to trade on for this tutorial. They key their market data off of the Bitfinex websocket and match with Oanda streaming data for Forex. This site allows you to trade many instruments and commodities with BTC at up to 20x leverage, Forex up to 222x as well as providing BTC-based binary options. They have a simple, easy to understand interface and an excellent API. The API key is found by clicking on your name in the upper-right, and clicking on API. (use DEMO API key to start)

2) 1Broker the secondary site we want to trade on, they are similar to other BTC-based market makers and have a ‘trader follow’ system as well that is fairly interesting, particularly to get people following ‘you’. The API key is found on the right, just under the email icon, there is a small box with what looks like sliders on it, then click on Access & API Management.

3) Oanda is where we get our streaming Forex data, you need an account. API access is found here.

4) Coinbase/GDAX is what used to be called ‘Coinbase Exchange’ and is now called GDAX. I have been automated-trading there since they first opened. The API key is found at the far upper-right, then click on API and create your keys.

5) Bitfinex – you need an account here with an API key so we can get Cryptocurrency quotes. API keys are found under ‘Account’ then click on API.

6) Poloniex is like Bitfinex but supports many alt-coins. API keys are found under Settings – API Keys.

7) TradingView is not mandatory, but you will want an account there because all the indicators bowhead uses can be viewed on charts to help you build your strategies.

The reasoning behind this combination is that the Whaleclub and 1Broker APIs are rate limited, WC only allows 60 requests per minute, if we want to make sure we have streaming real-time data to work with we need to stream from a BTC brokerage. Same with Forex.

Definitely look around on these sites and see what they have to offer, I’ve been around the block with a lot of brokers and market maker sites and for BTC, these are all good as of June 2017. For Forex, Oanda is great, but for the purposes here of trading using BTC we just need their streaming Forex data.

Once you get the API keys for these sites, you will want to put them in your .env file.

NOTE: Start off by using DEMO/TEST API keys, DO NOT use real money API keys with untested trading scripts.

Let’s test that we are set up right.

Bowhead has a testing script to verify that everything is set up correctly and that you have the right API keys, PHP version and the Trader extension is correctly installed.

php artisan bowhead:example_usage

This script will stop on any issues that you may have and provide commands to run to fix the issues or links to get API keys you might still need.

Let’s get data flowing in

We have two things we need to do for data here so we can create an automated trading system that can trade both Crypto and Forex pairs. We will be using this data to trade on BTC market maker sites in real time.

Get streaming Forex data coming into our database from Oanda.

Get streaming Cryptocurrency data coming into our database from Bitfinex

Note: You should have the screen command installed on the server the app is running on. Screen is a terminal tool for detaching windows and keeping them running in the background. You can detach a screen, log off and come back and reattach to it from another location at another time.

screen python streaming.py screen php artisan bowhead:oanda_stream

This is what the Forex streamer looks like if you turn the echo back on.

Now if the Forex markets are open (U.S.A Eastern time, Sunday 5:00pm to Friday 4pm) you will start to see data flowing into the bowhead_ohlc table for the currency pairs that are traded on Whaleclub. The list is in streaming.py and can be modified there. The following pairs are all streaming into your database in real time now. USD_JPY, EUR_USD, AUD_USD, EUR_GBP, USD_CAD, USD_CHF, USD_MXN, USD_TRY, USD_CNH, NZD_USD

Now we have regular Forex data, lets add in the BTC/USD currency pair.

screen php artisan bowhead:websocket_bitfinex

Crypto markets are open 24/7 and you should begin to see current data flowing in immediately.

To see these running processes and reattach to them use screen -list and screen -r

~$ screen -list There are screens on: 4604.ttys005.Joels-MacBook-Pro-2 (Detached) 4636.ttys005.Joels-MacBook-Pro-2 (Detached) 4652.ttys005.Joels-MacBook-Pro-2 (Detached) 3 Sockets in /var/folders/bq/79z2kd916hbd39n5bckb5_s00000gn/T/.screen.

The numbers on the left are the screen IDs so in this instance you can reattach to the latest (Bitfinex) screen by using the following command.

screen -r 4604

We are only using screen for the purposes of this tutorial on a local machine, for a server environment we put these on supervisord to make sure they are always running on our server and if they die, then they are restarted.

This is the supervisord conf I use for this, you may need to change the directory for your user. From /etc/supervisor/conf.d/crypt.conf:

[program:oanda] command=/usr/bin/python streaming.py user=ubuntu directory=/home/ubuntu/bowhead startretries=3 stopwaitsecs=10 autostart=true [program:o_stream] command=/usr/bin/php artisan bowhead:oanda_stream user=ubuntu directory=/home/ubuntu/bowhead startretries=3 stopwaitsecs=10 autostart=true [program:wsbitfinex] command=/usr/bin/php artisan bowhead:websocket_bitfinex directory=/home/ubuntu/bowhead startretries=3 stopwaitsecs=10 autostart=true

You can see what these look like in Supervisor with

~$ sudo supervisorctl o_stream RUNNING pid 31644, uptime 1 day, 22:15:24 oanda RUNNING pid 31645, uptime 1 day, 22:15:24 wsbitfinex RUNNING pid 31646, uptime 1 day, 22:15:24 supervisor> help default commands (type help <topic>): ===================================== add exit open reload restart start tail avail fg pid remove shutdown status update clear maintail quit reread signal stop version supervisor>

note: Currently, bowhead only supports BTC/USD from Bitfinex, I will be adding ETH and LTC in future revisions. You can create an ETH version of this if you want by copying and modifying the BitfinexWebsockCommand.php file to use ETHUSD and renaming the class. You will need to add any new commands class to the $commands array in app/Console/Kernel.php

Finding strategies

So, we have our boilerplate/framework set up. We have accounts and we have data flowing into our database. We also have our indicator/signals and candles working. Let’s jump in and see how to create a very simple strategy.

Now that we see how we can use this, we need strategies and we need to know how to find more strategies. Quantopian is a great resource for strategies.

For instance, two that I was recently looking at: “Stocks On The Move” and “Trading on multiple TA-Lib signals” are both interesting, however saying we use TALib methods in bowhead, lets go with the latter, additionally this will only be for BTC as Oanda does not return Volume with forex pairs.

You will notice that this strategy uses three signals to determine if a stock (or in our case a pair) is overbought (sell) or underbought (buy).

Money flow index (mfi)

Commodity channel index (cci)

Chande momentum oscillator (cmo)

This is a simple technicals strategy where if all three of these indicators agree then we go the direction they say to go. Here is the core part of the strategy in code.

$indicators = new \Bowhead\Util\Indicators(); $recentData = $util->getRecentData('BTC/USD'); $cci = $indicators->cci($instrument, $recentData); $cmo = $indicators->cmo($instrument, $recentData); $mfi = $indicators->mfi($instrument, $recentData); /** instrument is overbought, we will short */ if ($cci == -1 && $cmo == -1 && $mfi == -1) { $overbought = 1; } /** It is underbought, we will go LONG */ if ($cci == 1 && $cmo == 1 && $mfi == 1) { $underbought = 1; }

Don’t worry about putting this anywhere, this strategy is included in bowhead as a console command

php artisan bowhead:example_strategy

NOTE: DO NOT RUN THIS ON YOUR LIVE ACCOUNT UNTIL YOU HAVE TESTED IT, USE YOUR DEMO API KEY TO START.

The output will look like this!

If you would like to see what these look like on a chart, then head over to TradingView and add the indicators. TradingView idea stream is another great place to find strategies and see what other people are doing and you can view the strategies in the source code section of of TradingView.

Bowhead Indicators and Candles

I provide two classes in bowhead for checking signals on data: Candles and Indicators. Each class has an all method which will run all the methods in its parent class over the data you provide.

To keep things as simple as possible without sacrifice of functionality all methods in both of these libraries provide a return as -1, 0 or 1. Where ‘1’ will always be the buy or ‘bullish’ side and ‘-1’ will always be the sell or ‘bearish’ side, where applicable. There are a couple which return -100 and 100 as returns, please read the comments above each method and in each class for more info about abnormal return values as there are links to explain what they do and why we use them as well as what they represent and how you can use them in your scripts.

Candles.php — the allCandles() method will check for the presence of 60 specific candles across your dataset. It returns a complex array which will even provide the data point location of the candle and data points around the candle. For purposes of automated scripting, the current array in the return is the candles that are currently active.

Indicators.php —Provides multiple indicators over a dataset, these are all the common technical indicators such as Bollinger bands, RSI and many types of moving averages. These include overlap studies, momentum indicators, volume indicators and volatility indicators. There are no cycle indicators yet. The core methods are adx, aroonosc, cmo, sar, cci, mfi, obv, stoch, rsi, macd, bollingerBands, atr with MA methods of sma, ema, wma, dema, tema, trima, kama, mama, and t3 which can be combined using macdext() fairly dynamically.

SMA methods are typically called by themselves as they cannot respond with a buy or sell signal

These two sets of indicators and candles can be combined in many different ways that have been noted in the comments at the top of each class. Combining MA cross overs with Bearish/Bullish candle patterns (which would not be apparent to a moving average), you can pinpoint your entries and exits much better.

Packaging these trader methods in this way provides a lot of flexibility to you to be able to use them very easily and as you notice above, translating a strategy is very simple when you have only buy(1)/hold(0)/sell(-1) signals.

Code it up

So, lets do another quick script that will showcase what we do, this time lets do a Forex bot that trades all the pairs on WC, and it will use the following technical strategy.

Average directional movement index (ADX) is a trend indicator that typically returns a number from 0–100. Under 20 it indicates a weak trend, over 50 it indicates a strong trend. Bowhead returns a -1 for under 20 and a 1 for over 50;

Two simple moving averages, on period 6 and period 40. Period 6 SMA will follow the price very closely and just smooth out any spikes. An SMA 40 is a much more smoothed average which will cross the period 6 at various points when movements start taking place. The ADX is a check that we are indeed in a trend and not in a ranging (sideways) market.

When ADX registers a trend (over 50), and our SMA(40) down-crosses the SMA(6) we can buy as the trend is now moving up.

When ADX registers a trend and our SMA (40) up-crosses the SMA(6) we can sell as the trend is now moving down.

Here is what this looks like on TradingView, orange in the bottom is the ADX, the green line is the SMA(6) and the blue line is the SMA(40). You can see where you would most likely want to do your trades and lo and behold, we have some line crossings at or near those exact places.

Seems kind of complicated? Not when you are working in bowhead. The main thing is we need to get the data off the stack for checking previous and current values, that way you can tell when a moving average has crossed another moving average.

$recentData = $util->getRecentData($instrument); $adx = $indicators->adx($instrument, $recentData); $_sma6 = trader_sma($recentData['close'], 6); $sma6 = array_pop($_sma6); $prior_sma6 = array_pop($_sma6); $_sma40 = trader_sma($recentData['close'], 40); $sma40 = array_pop($_sma40); $prior_sma40 = array_pop($_sma40); /** have the lines crossed? */ $down_cross = (($prior_sma6 <= $sma40 && $sma6 > $sma40) ? 1 : 0); $up_cross = (($prior_sma40 <= $sma6 && $sma40 > $sma6) ? 1 : 0); Now you can just if ($adx == 1 && $down_cross) { $buy = 1; } if ($adx == 1 && $up_cross) { $sell = 1; }

Testing it

Okay, so I provided this as the following file, ADX will spit out errors (-9) without at least 21 data points, so keep that in mind.

app/Console/Commands/ExampleForexStrategyCommand.php ~$ php artisan bowhead:example_forex_strategy

This is what it looks like.

Closing words and a note about risk

Now you can find strategies and quickly build your own scripts to trade cryptocurrencies via technical indicators and candle patterns. The sky is the limit.

Because this is within the Laravel framework, you can create web pages to manage your automated trading, easily create strategies using web-based tools. You can use the queues and jobs system to have strategy ‘workers’ (I will be adding this as I update it), broadcasts, and so on.

Now to talk about risk.

I would like to point out that there is SUBSTANTIAL risk involved in cryptocurrency trading and you need to make sure you are in demo mode when testing and working out your strategies. This is of paramount importance as I would hate to hear of someone who lost any amount of money because of this.

I am personally fairly risk tolerant and sometimes it pays off. I use Bowhead to do WC ‘Turbo’ trading (which is Forex Binary options), these are a ‘guess’ if the price will be up or be down in 1 minute and 5 minute contracts. If you guess right then win up to 75% return, if you guess wrong then you lose your entire bet. There are some Forex strategies specifically for Turbo trading that I have had some good luck with. However, be aware that most require you are in a trending market. So an indicator like ADX on a longer period is not a bad choice.

Here is an example of one strategy that was working.

Final note

Part 2 will go over making your bot talk to all the exchanges and even attempt to discern price discrepancies, building real-time GDAX straddle-bot using about five Forex strategies and even setting up Bowhead as an API.

If you notice any errors here or have any issues with the code, please let me know, make a comment here or open an issue in the Github repository and I will address it.

— Keep in mind that this project is under active development.

http://j.mp/2roF3kZ via SitePoint URL : http://j.mp/2c7PqoM

#News

0 notes

t-baba · 7 years

Photo

How to Build a Cryptocurrency Auto-Trader Bot with PHP? 💰

This tutorial will walk you through the full process of building a bitcoin bot with PHP - from setup, on to your first execution of an automated trade, and beyond.

Cryptocurrencies

But, you say, I am a coder who likes to automate things, surely we can fire up some BTCbot and we can have it just do the work for us, it will make us millions in our sleep, right?

Probably not.

My solution

Also, I don’t want to create this in a new or arcane language, I want this written in PHP which the biggest number of people are familiar with and in a framework (Laravel - here's a great premium course for sale, and a bunch of free articles if you're not familiar with it) that is simple to use but powerful enough to let you can create what you need. If you think PHP is just for web pages, read on, this should surprise you.

Let’s get started.

Steps we are going to take:

Get boilerplate/framework installed.

Walk through the core parts of the system, see what is where.

Install and configure the software we need.

Account creation at the brokerages we will be using, setting up the API keys for the scripts.

Run tests and examples.

Set up websocket streams to get data.

Finding strategies for our automated agents.

Deep dive into Indicators and Candles available to us.

Coding up our first agent.

Testing the agent.

A few closing words about the risks you are taking.

Get boilerplate/framework installed (Bowhead)

You can find the repository for the Bowhead boilerplate at it’s Github repository. It's a full application already, but we'll be using its functionality to get the stuff in this post done.

It is recommended you use the extremely Laravel-friendly Homestead Improved Vagrant box for a good, isolated development environment you can get started with in under 5 minutes. If you're unfamiliar with Vagrant, here's an excellent re-introduction, and if you'd like to dig deeper, this premium book will teach you amazing things.

git clone http://ift.tt/2rhggPO cd bowhead composer install cp .env-example .env sudo pecl install trader echo "extension=trader.so" | sudo tee /etc/php/7.1/mods-available/trader.ini sudo phpenmod trader

Now let's explain the the current folder structure of the app.

app/Console/Commands/

This is where all our console commands are located.

BitfinexWebsocketCommand.php - Stream market data from Bitfinex

CoinbaseWebsocketCommand.php - Stream market data from GDAX

ExampleForexStrategyCommand.php - Forex example strategy

ExampleStrategyCommand.php - Our example of a strategy

ExampleUsageCommand.php - Basic usage examples

GetHistoricalCommand.php - Pull in historic data from broker

OandaStreamCommand.php - Stream market data from Oanda

app/Util/

Is where all the utility classes that are available are found.

Bitfinex.php - Bitfinex API wrapper

BrokersUtil.php - Utilities for various brokers

Candles.php - All 60 TALib candle methods wrapped

Coinbase.php - GDAX API wrapper

Console.php - Console color, tables and progress

Indicators.php - 21 TALib indicators and moving averages.

Oanda.php - Oanda API wrapper

OneBroker.php - 1Broker API wrapper

Other.php - possible indicators, not implemented yet

testStrategy.php - Here is your test strategy

Whaleclub.php - Whaleclub API wrapper

app/Scripts

Extras and some testing data, these scripts are SKLearn price forecasting scripts taken from a study on beer consumption I thought was really useful, these might be used for market price predictions.

close_prediction.py - SKLearn script to predict a closing price

ohlc-btc.csv - Sample CSV data, if needed

open_prediction.py - SKLearn script to predict an opening price - a python script in the root dir called ‘streaming.py’ which is part of the Oanda streaming command.

If you execute php artisan, you should see something like the following, the part you are interested in is below.

Redis and MySQL

Redis really does not need any tweaking out of the box, it's installed and ready if you're using Homestead Improved.

MySQL will need a database and a few tables. Change the credentials in the .env file (create it from .env.example if it doesn't exist).

DB_CONNECTION=mysql DB_HOST=localhost DB_PORT=3306 DB_DATABASE=homestead DB_USERNAME=homestead DB_PASSWORD=secret

Let's add the DB dump into MySQL:

mysql -u homestead -psecret < app\Script\DBdump.sql

Open up the database in a tool like Sequel Pro and you will the sample data in the bowhead_ohlc (open, high, low, close) table.

API accounts we need in order to set up automated trading

3) Oanda is where we get our streaming Forex data, you need an account. API access is found here.

5) Bitfinex - you need an account here with an API key so we can get Cryptocurrency quotes. API keys are found under ‘Account’ then click on API.

6) Poloniex is like Bitfinex but supports many alt-coins. API keys are found under Settings - API Keys.

7) TradingView is not mandatory, but you will want an account there because all the indicators bowhead uses can be viewed on charts to help you build your strategies.

Once you get the API keys for these sites, you will want to put them in your .env file.

Continue reading %How to Build a Cryptocurrency Auto-Trader Bot with PHP? 💰%

by Joel Degan via SitePoint http://ift.tt/2s1Qbaa

#CSS3 #HTML5 Branding #HTML5 Weekly #HTMLl5 demos #Javascript Branding #Javascript Weekly #Mobile #Mo

0 notes

localbitcoinsclonescript · 3 years

Link

As the standard Cryptocurrency Exchange Clone Development Company passes on word-class clone applications for Binance, LocalBitcoins, Coinbase, Paxful and Poloniex, and so on inside seven days. We offer solid LocalBitcoins Clone App for individuals who needs to begin a cryptographic money business with a relative way of thinking like localbitcoins, can buy this clone application to move began immediately. Our localbitcoins mobile app has all the fundamental interface and highlights joined into i

0 notes

kevinjack0708 · 4 years

Text

Explore the world of cryptocurrency trading with the Poloniex clone app

Projecting a business service into the marketplace has its own set of merits and demerits. Establishing your business and acquiring a customer base will consume time. Some may achieve it in a few years and some require more years. The trick to gaining popularity in a few years is to provide services that are distinctive and smart when compared to competitors. If this excites you, we are here to help you.

At Appdupe, we have a proven track record of building white-labeled clone applications.

In that row, we build a cryptocurrency exchange platform with the Poloniex clone script. The app has every feature to make it secure and distinctive from the competitors. This blog will envelop the features and working of the app.

Initially, the user will sign in with the essential credentials.

Next, the user will choose the type of cryptocurrencies to commence the trade.

Then the user will select a matching seller and send a trading proposal.

Once the seller agrees to the terms and conditions, the currencies will be released to the user’s wallet.

Two-factor authentication- The application has 2FA that will help to secure the user’s credentials from being hacked.

KYC/AML - The application incorporates know your customers and Anti-money laundering features to prevent unauthorized access.

Multiple currency support- The app supports almost every cryptocurrency like Bitcoin, Ethereum, Ripple, Stellar, etc.

Liquidity- The Poloniex clone script has high liquidity that helps to prevent price fluctuations and grabs more users.

Trade analytics tool- The in-built analytics tool presents all the trading activities done through the application.

#poloniexclone #poloniexclonescript

0 notes

legit-scam-review · 6 years

Text

Six Tools Used by Hackers to Steal Cryptocurrency: How to Protect Wallets

Image source: Carbon Black

Briefly about the problem

250 million potential victims

Image source: Foley & Lardner

Experts from Hackernoon analyzed the data about hacking attacks for 2017, which can be conditionally divided into three large segments:

– Attacks on the blockchains, cryptocurrency exchanges and ICOs;

– Distribution of software for hidden mining;

– Attacks directed at users’ wallets.

Apps on Google Play and the App Store

Bots in Slack

Image source: Steemit @sassal

Add-ons for crypto trading

Authentication by SMS

Public Wi-Fi

Sites-clones and phishing

Cryptojacking, hidden mining and common sense

Picture source: Carbon Black

“Encryption, anti-virus software, and multi-factor identification will only keep your assets safe to a point; they key is preventive measures and simple common sense.”