The Triangular Arb Bot That Ran 41 Days Before Draining $74K

The "Triangular Arb Bot" that ran for 41 days

February 2025. A holder in Las Vegas buys a "USDT/USDC/BUSD triangular arbitrage bot" from a Telegram seller for 0.4 ETH. The seller shows a YouTube video of the bot running, with logs showing profitable trades every few minutes. The bot requires API keys from his Binance.US account, with trading permissions enabled. He sets it up. For 41 days the bot trades small amounts and slowly accumulates a 2.4% gain — exactly as advertised. Then on day 42, the bot dumps his entire $74,000 USDT balance into a low-liquidity pair on a connected DEX, taking 99% slippage. The other side of the trade is the operator's wallet.

How the long-runway bot scam works

The bot is real software. It does perform small profitable arbitrage trades for weeks — that is the proof phase. Meanwhile, the operator watches the account balance grow (via the API key the victim provided). Once the balance crosses a threshold the operator considers worth taking, the bot executes a single drain trade against a pre-positioned counterparty wallet. The victim sees the loss after the fact and assumes the bot "broke."

The four hard rules for API keys

• Never grant withdrawal permissions on an API key. All major exchanges let you create read-only keys, or trading-only keys without withdrawal. The default for any third-party tool should be "no withdraw."
• Allowlist IP addresses on the API key. Binance US, Coinbase, and Kraken all let you restrict an API key to specific IPs. Set the IP to your home connection, the bot's actual server, or both — never leave it open.
• Audit the trading history weekly. Open the exchange's history page and review every trade the bot made. A bot that suddenly executes a large trade in a low-liquidity pair is the warning. Catch it on day 30, not day 42.
• Trust the source of the bot, not the seller. Bots from Hummingbot, 3Commas, and Cryptohopper are public, open-source or audited, and have years of community history. Bots from Telegram sellers are funnels.

What "real" arbitrage looks like

Profitable arb opportunities on liquid pairs across major exchanges are measured in basis points, last for seconds, and require infrastructure that retail users cannot match. If a "bot" promises consistent 2.4% monthly returns on stablecoin arb, it is either lying about the yield or hiding the risk. There is no free money in CEX-CEX arb — the spreads are gone.