# Security

### Wallet Security

[Insiders.bot](http://insiders.bot/) takes a dual approach to wallet management, giving users the choice between convenience and full self-custody, while implementing advanced safeguards like **Timelocks** to protect user funds.

***

### Social Login Wallets (Privy-Powered)

When you sign up using your **Telegram** account, a custodial wallet is automatically generated via [Privy](https://www.privy.io/). Privy is a premier embedded wallet solution trusted by leading platforms including Hyperliquid.

Key security properties of Privy wallets:

* **Key Management:** Your private keys are managed by Privy's secure infrastructure. They are never exposed to [Insiders.bot](http://Insiders.bot) servers or stored in plaintext.
* **2FA Protection:** Enable Two-Factor Authentication (Google Authenticator, Authy) to require a time-sensitive code for login and withdrawals.
* **No Seed Phrase Exposure:** Unlike traditional wallets, there is no seed phrase to lose or have stolen. Access is tied to your Telegram identity plus 2FA.
* **Native Automation:** Social login wallets support all platform features, including automated copy trading, without requiring any additional smart contract approvals.

***

### Connect Wallet & EOA Delegation (Self-Custodial)

Users who prefer full control over their private keys can connect an external wallet such as MetaMask, Phantom, OKX Wallet, Bitget Wallet, Backpack, or Trust Wallet.

To enable automated copy trading while maintaining self-custody, we utilize an **Externally Owned Account (EOA) delegation** architecture. An EOA is the standard Ethereum account type controlled directly by a private key. Our delegation system leverages session keys and approval mechanisms to allow our operator contracts to execute trades on your behalf within strict, predefined limits.

#### **How EOA Delegation Works:**

1. You connect your external wallet to [Insiders.bot](http://Insiders.bot).
2. To enable copy trading, you sign a specific delegation transaction from your wallet.
3. This grants our operator smart contracts permission to execute trades on your behalf, subject to the parameters you configure (trade amounts, target wallets, exit strategies).
4. You can **revoke this delegation at any time** through your wallet settings.

#### **Key Properties and Risks of EOA Delegation:**

* **Full Self-Custody:** You retain complete ownership of your private keys and seed phrase at all times.
* **Automated Execution:** Once delegation is active, copy trades are executed automatically without requiring manual approval for each transaction.
* **Approval Scope:** The delegation is limited to the specific trading operations you authorize. It does not grant access to transfer funds out of your wallet to arbitrary addresses.

{% hint style="info" %}
**Important:** EOA delegation involves interacting with smart contracts. While our contracts are designed with security best practices, smart contract risk can never be fully eliminated. We recommend only delegating amounts you are **regularly reviewing your active delegations.**
{% endhint %}

***

### Wallet Comparison

<table><thead><tr><th width="205.76953125">Feature</th><th width="207.10546875">Social Login (Telegram)</th><th>Connect Wallet (EOA Delegation)</th></tr></thead><tbody><tr><td>Wallet Provider</td><td>Privy (custodial)</td><td>Your own wallet (self-custodial)</td></tr><tr><td>Private Key Control</td><td>Managed by Privy</td><td>Fully controlled by you</td></tr><tr><td>Copy Trading</td><td>Supported (native)</td><td>Supported (via EOA delegation)</td></tr><tr><td>2FA Available</td><td>Yes</td><td>Depends on your wallet provider</td></tr><tr><td>Smart Contract Risk</td><td>None (no on-chain delegation)</td><td>Yes (delegation contract risk)</td></tr><tr><td>Revocation</td><td>N/A</td><td>Revoke delegation anytime</td></tr></tbody></table>

***

### Avoiding Scams

Protect yourself by following these security practices:

{% hint style="info" %}
**Always verify you are on the official domain:** <https://www.insiders.bot/>

Only interact with our official Telegram bots: @insidersdotbot (trading) and @polymarketinsiderbot (signals).

Our team will **never** DM you first asking for funds, private keys, seed phrases, or wallet connections.

Never share your 2FA codes with anyone.

Bookmark the official site to avoid phishing links.
{% endhint %}
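
The domain and bot checks above can also be applied mechanically before a link is opened. The following is an added example, not code from Insiders.bot: the `classifyLink` helper is hypothetical, the host and bot handles are the ones listed on this page, and treating the apex domain `insiders.bot` as official is an assumption.

```javascript
// Added example: allowlist check for links that claim to be Insiders.bot.
// Hosts and handles come from this page; accepting the apex "insiders.bot"
// is an assumption (the page links to it but names www.insiders.bot as official).
const OFFICIAL_HOSTS = new Set(["www.insiders.bot", "insiders.bot"]);
const OFFICIAL_BOTS = new Set(["insidersdotbot", "polymarketinsiderbot"]);

function classifyLink(raw) {
  let url;
  try {
    url = new URL(raw.trim());
  } catch {
    return "untrusted: not a valid absolute URL";
  }
  if (url.protocol !== "https:") return "untrusted: not https";
  // In "https://www.insiders.bot@other.example/" the familiar name is only
  // userinfo; the host actually contacted is what follows the "@".
  if (url.username || url.password) return "untrusted: credentials in URL";
  if (url.port) return "untrusted: non-default port";

  // URL lowercases the host and converts Unicode labels to punycode (xn--),
  // so a homoglyph lookalike never equals an allowlisted ASCII name.
  const host = url.hostname.replace(/\.$/, "");
  if (OFFICIAL_HOSTS.has(host)) return "official site";

  if (host === "t.me") {
    // Telegram usernames are case-insensitive; the first path segment is the handle.
    const handle = url.pathname.split("/")[1].toLowerCase();
    return OFFICIAL_BOTS.has(handle)
      ? "official bot"
      : "untrusted: unknown Telegram handle";
  }
  return "untrusted: host " + host;
}

// Constructed sample links for illustration (not from real incidents).
const samples = [
  "https://www.insiders.bot/",
  "https://www.insiders.bot.login.example/",
  "https://www.insiders.bot@login.example/",
  "https://t.me/insidersdotbot",
  "https://t.me/insidersdotbot_support",
];
for (const link of samples) console.log(link, "->", classifyLink(link));
```

Exact host matching is deliberate: a suffix or substring match would accept `www.insiders.bot.login.example`.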

