Trust by construction.
Not by promise.
Most MM vendors ask you to trust them. We built Makerless so you don't have to.
- Passkey-only auth: No passwords. Anywhere.
- No withdrawal scope: Refused at signup.
- L4 SNI passthrough: Edge can't read traffic.
- Ed25519 signed reports: Optional on-chain anchor.
Keys you never give up.
You sign in with two passkeys. There are no passwords on this system — not yours, not ours, not anywhere. Your encryption master key is derived in your browser from the passkey's PRF extension and never leaves your device's Secure Enclave or hardware key.
When you paste your exchange API keys at deploy, they are encrypted in your browser before they reach us. We hold ciphertext. We cannot decrypt it. There is no help-desk reset path — by design.
1. Authenticator (Touch ID / YubiKey)
2. PRF secret (32 bytes, never leaves device)
3. X25519 keypair (derived in browser)
4. AES-256-GCM seal of secrets
5. Ciphertext → your droplet
Only the owner can deploy.
Before you can deploy a bot for a token, you sign a challenge with the contract's owner address. EVM-family chains and Solana at launch. We accept AccessControl roles for renounced-ownership tokens (MINTER, PAUSER, DEFAULT_ADMIN).
This means only verifiable token owners run liquidity for their token. No anonymous deployments. No bot-for-hire against tokens the operator doesn't control.
Contract address
0xA1b2…dEf9
Challenge
prove-ownership:0xA1b2…dEf9:1716000000
No withdrawals. Ever.
At signup we call the exchange's describe-key endpoint and refuse to proceed if your API key allows withdrawals. Same check for missing IP allowlist. Same check for futures scope unless your plan permits it.
The executor re-validates these scopes on every reconnection. If you (or anyone with access to your account) widen the key's scope after deploy, the bot pauses itself and emails you within seconds.
The worst-case attack against your droplet is converted from "drain the exchange account" to "grief the market maker." You notice. You rotate. You move on.
Refused
- read: ✓
- spot trade: ✓
- withdraw: ✕
- ip allowlist: missing
Accepted
- read: ✓
- spot trade: ✓
- withdraw: disabled ✓
- ip allowlist: set ✓
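The signup gate and the reconnect-time re-check described above, as an added example (not Makerless code) written as pure functions over a describe-key response. The response shape (a `permissions` array plus an `ipAllowlist` field), the scope names and the `futuresAllowed` plan flag are assumptions; each real exchange has its own describe-key format that would first be mapped onto this shape. The constructed inputs mirror the Refused and Accepted panels.

```javascript
// Added example, not Makerless code: evaluate exchange API key scopes at
// signup and again on reconnect. Field names and scope names are assumptions.

// Signup gate: refuse withdraw scope, refuse a missing IP allowlist, refuse
// futures scope unless the plan permits it, and require the scopes the bot needs.
function evaluateKeyScopes(keyInfo, plan = { futuresAllowed: false }) {
  const perms = new Set((keyInfo.permissions || []).map(p => p.toLowerCase()));
  const problems = [];
  if (!perms.has('read')) problems.push('read scope missing');
  if (!perms.has('spot_trade')) problems.push('spot trade scope missing');
  if (perms.has('withdraw')) problems.push('withdraw scope present');
  if (perms.has('futures') && !plan.futuresAllowed) problems.push('futures scope present but plan does not permit it');
  if (!Array.isArray(keyInfo.ipAllowlist) || keyInfo.ipAllowlist.length === 0) problems.push('ip allowlist missing');
  return { accepted: problems.length === 0, problems };
}

// Reconnect re-validation: the key must still pass the gate, and must not have
// gained any scope since deploy. Any widening pauses the bot and notifies the owner.
function onReconnect(acceptedAtDeploy, current, plan) {
  const now = evaluateKeyScopes(current, plan);
  if (!now.accepted) return { action: 'pause', notify: true, problems: now.problems };
  const before = new Set(acceptedAtDeploy.permissions.map(p => p.toLowerCase()));
  const widened = current.permissions.map(p => p.toLowerCase()).filter(p => !before.has(p));
  if (widened.length > 0) {
    return { action: 'pause', notify: true, problems: widened.map(p => `scope widened: ${p}`) };
  }
  return { action: 'continue', notify: false, problems: [] };
}

// Constructed describe-key responses (203.0.113.0/24 is a documentation range).
const REFUSED_KEY = { permissions: ['read', 'spot_trade', 'withdraw'], ipAllowlist: [] };
const ACCEPTED_KEY = { permissions: ['read', 'spot_trade'], ipAllowlist: ['203.0.113.10'] };
const WIDENED_LATER = { permissions: ['read', 'spot_trade', 'withdraw'], ipAllowlist: ['203.0.113.10'] };

function demo() {
  return {
    signupRefused: evaluateKeyScopes(REFUSED_KEY),
    signupAccepted: evaluateKeyScopes(ACCEPTED_KEY),
    reconnectOk: onReconnect(ACCEPTED_KEY, ACCEPTED_KEY),
    reconnectWidened: onReconnect(ACCEPTED_KEY, WIDENED_LATER),
  };
}
```

The reconnect check compares against the scope set recorded at deploy rather than only re-running the gate, so a key that gains a scope the gate does not know about still trips the pause.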
Every report. Signed. Optionally anchored.
Every order placed by the bot is recorded in a hash-chained audit log inside your droplet's SQLite. At month-end, the supervisor task generates a canonical JSON report covering every fill, every PnL number, every parameter change.
The report is signed with Ed25519. Optionally, the hash is anchored to a public chain you choose. The PDF you hand your CFO is rendered from the canonical JSON — so it can be regenerated and verified at any point in the future.
This is the difference between trust and proof.
report-04.json (sample)
{
"pair": "WAM/USDT",
"venue": "gate.io",
"period": "2026-04",
"orders": "<count>",
"fills": "<count>",
"net_pnl_usdt": "<signed amount>",
"audit_log_root": "sha256:<root>",
"anchor": { "chain": "<your-evm>", "tx": "0x<hash>" },
"signature": "ed25519:<sig>",
"build": "makerless@<version>"
}
Your server. Your data. Your call.
Your droplet runs on your Hetzner or DigitalOcean account, billed to your card. Even we cannot SSH into it. There is no admin channel. There is no support backdoor.
Updates are explicit: a new image is published, you get an email, you click to apply. Security patches have a 72-hour hard deadline before the executor pauses itself — even we cannot push code to a running customer droplet silently.
If you cancel, the droplet is still there. The data is still there. You can audit, archive, or destroy it on your timeline.
Trust boundary
Your account (Hetzner / DigitalOcean)
- Droplet (sealed)
- SQLite (audit log)
- Exchange keys (encrypted)
- Conversation history
↑ owned by you ↑
Makerless (outside boundary): DNS · image distribution · backup ciphertext storage
Hand it to your auditor.
We don't make legal claims about MiCA, SEC, or any specific regime. We hand you the artifacts most regimes ask for:
- A signed, timestamped record of every order action
- Independent reconciliation against the exchange's own trade history
- An on-chain hash anchor that proves the report existed at a specific point in time
- A canonical JSON report that can be inspected against your exchange's own trade history
What you and your counsel make of that in your jurisdiction is up to you. We've made the artifacts hard to fake and easy to check.
Hand to your accountant
- report-2026-04.json
- report-2026-04.pdf
- report-2026-04.sig