Security & Non-Custodial Model
How Stratium protects your funds — non-custodial architecture, AES-256 encryption, wallet isolation, and more.
Non-Custodial by Design
Stratium is a non-custodial trading bot. This means:
- Your keys, your crypto — You have a dedicated Solana wallet that only you control
- We cannot withdraw your funds — The platform is architecturally designed so that no one at Stratium can move your money
- No pooled funds — Your wallet is separate from every other user's wallet
- Full transparency — Every trade is an on-chain Solana transaction you can verify
This is fundamentally different from centralized copy trading platforms where you deposit funds into a shared pool controlled by the company.
How Your Private Key Is Protected
When your wallet is created, the private key goes through a secure encryption pipeline:
AES-256 Encryption
Your private key is encrypted using AES-256-GCM (Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode). This is the same encryption standard used by:
- The U.S. government for classified information
- Banks for securing financial transactions
- Military-grade communication systems
Encryption At Rest
Your encrypted private key is stored in a secure database. The encryption key itself is stored separately and is never exposed in application code or logs.
Momentary Decryption
Your private key is only decrypted for the brief moment needed to sign a transaction. The decrypted key exists in memory for milliseconds and is immediately discarded after use. It is never written to disk, logged, or transmitted.
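The pipeline described above (AES-256-GCM at rest, a separately stored encryption key, momentary decryption), as an added example in Node.js; it is not Stratium's code. The function names, the user ids and the choice to bind the user id as associated data are assumptions made for illustration, and all key material is constructed at random.

```javascript
// Added example, not Stratium's code. Names and sample values are hypothetical.
const crypto = require('node:crypto');

// Encrypt a wallet secret key for storage. masterKey is the separately stored
// 32-byte encryption key; userId is bound as associated data (an assumption),
// so a record copied onto another user's row fails authentication.
function sealKey(masterKey, userId, secretKey) {
  const iv = crypto.randomBytes(12); // 96-bit nonce, fresh for every encryption
  const c = crypto.createCipheriv('aes-256-gcm', masterKey, iv);
  c.setAAD(Buffer.from(userId, 'utf8'));
  const ct = Buffer.concat([c.update(secretKey), c.final()]);
  return { iv, ct, tag: c.getAuthTag() }; // the database row holds only this
}

// Decrypt for the duration of use() only, then overwrite the plaintext buffer.
// Wiping is best effort in JavaScript: copies made inside use() are not covered.
function withKey(masterKey, userId, record, use) {
  const d = crypto.createDecipheriv('aes-256-gcm', masterKey, record.iv,
    { authTagLength: 16 });
  d.setAAD(Buffer.from(userId, 'utf8'));
  d.setAuthTag(record.tag);
  const plain = d.update(record.ct); // not yet authenticated
  try {
    d.final(); // throws if the tag, ciphertext, nonce or user id do not match
    return use(plain);
  } finally {
    plain.fill(0);
  }
}

function demo() {
  const masterKey = crypto.randomBytes(32); // constructed; stands in for the stored key
  const secret = crypto.randomBytes(32); // constructed wallet secret
  const digest = (b) => crypto.createHash('sha256').update(b).digest('hex');
  const record = sealKey(masterKey, 'user-1001', secret);
  let seen;
  // digest() stands in for the signing step
  const out = withKey(masterKey, 'user-1001', record, (k) => { seen = k; return digest(k); });
  let crossUserRejected = false;
  try { withKey(masterKey, 'user-2002', record, digest); } catch { crossUserRejected = true; }
  return {
    roundTrip: out === digest(secret),
    wiped: seen.every((b) => b === 0),
    crossUserRejected,
  };
}

console.log(demo());
```

A real signer would replace `digest` inside the callback; the stored record stays useless without both the separately held key and the matching user id.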
Wallet Isolation
Every Stratium user gets their own individual Solana wallet:
- No shared wallets — Your funds are never mixed with other users' funds
- Independent execution — Your trades are signed and submitted independently
- No counterparty risk — Even if another user's wallet is compromised, yours remains unaffected
What Stratium Can and Cannot Do
| Action | Can Stratium Do This? |
|---|---|
| Execute trades in your wallet (buy/sell tokens) | Yes — this is the core function |
| View your balance and positions | Yes — needed for trade sizing |
| Withdraw your funds to an external address | No — only you can initiate withdrawals |
| Access your raw private key | No — keys are encrypted and only decrypted momentarily for signing |
| Move funds between user wallets | No — wallets are completely isolated |
| Freeze or lock your wallet | No — your wallet is a standard Solana wallet |
What If Stratium Goes Down?
Because your wallet is a standard Solana wallet, it continues to exist on the blockchain regardless of Stratium's status:
- Your tokens remain in your wallet
- You can import your wallet into Phantom, Solflare, or any Solana wallet app using your private key
- Your funds are never at risk due to platform downtime
Security Best Practices
While Stratium handles the technical security, here are recommendations for users:
- Don't share your Telegram account — Your Telegram ID is linked to your wallet
- Enable 2FA on Telegram — Add an extra layer of protection to your Telegram account
- Start with a small deposit — Test the system before committing larger amounts
- Withdraw profits regularly — Don't keep more in your trading wallet than you're willing to risk on trades
- Verify transactions on-chain — Check trade signatures on Solscan to confirm everything matches
Infrastructure Security
Beyond wallet security, Stratium's infrastructure includes:
- Encrypted database connections — All data in transit is encrypted
- Environment variable isolation — Secrets are managed via secure environment variables
- Microservice architecture — Services are isolated, reducing the blast radius of any potential breach
- Regular security reviews — Code and infrastructure are reviewed for vulnerabilities