Trust by subtraction
Kill Log
A short, evolving list of features and product directions we refused to ship. We publish this because what a bot won\'t do tells you as much about its security posture as what it does.
-
Seed-phrase import
Refused.
Every other bot accepts 12/24-word phrases. We do not, and we will not. A trading bot has no reason to hold the recovery secret of your main wallet. The only acceptable import is a base58 / JSON keypair of a burner you have already accepted entrusting to automated swaps. If you cannot find an exported keypair, we want you to leave the bot and generate a fresh wallet — not paste your seed.
-
Custodial pooled liquidity
Refused.
Some bots co-mingle user funds into a single pool that the operator signs for. Faster execution, sure — and a single key compromise drains every user. MoonHydra signs only with your encrypted keypair, in your wallet, every trade.
-
Hidden tier pricing
Refused.
Premium bots gate basic features (referrals, copy trading, snipe limits) behind a paid tier so power users churn into "Pro". We charge a flat 1% per trade — live today, collected on-chain on every buy and sell — and ship every feature to every user. Heavy users will get volume cashback when the rebate hook ships in Phase 4 — automatic, no opt-in.
-
Blind cross-chain support
Refused for now.
Multi-chain looks great on the marketing page and adds a bridge attack surface to every wallet on the platform. Solana-native means our entire codebase is one ecosystem's primitives, one set of failure modes, one set of RPC providers. We will add EVM the day we are sure we will not be the next bridge-exploit headline.
-
3D hydra mascot on the homepage
Killed mid-deployment.
The R3F mascot looked cool in isolation and terrible in context — broke layout on mobile, ate 280 KB of three.js gzipped, made the hero feel like a tech demo instead of a trading product. The static SVG hydra ships in a fraction of the bytes and looks better next to the price and the buy CTA.
-
Custom on-chain contracts
Refused.
Every swap routes through Jupiter. We have no escrow contract, no proxy router, no upgradeable bot account. The audit surface is "Jupiter is correctly composed" — which Jupiter's team has audited far more aggressively than we ever could on a fresh contract. Our risk is bot logic + encryption, not a custom AMM gone wrong.
-
Closed-source positioning
Killed in PR #24.
We briefly leaned on "open source / self-host" language as a trust marker, but it implied a community-audit reality we cannot offer at this size, so we dropped it. Replaced with concrete trust signals: AES-256-GCM, non-custodial wallet model, no custom contracts. Each is verifiable from the bot's actual behavior, not marketing copy.
-
Detection-evasion or anti-anti-bot features
Refused.
Some "trading" products advertise rate-limit evasion, captcha bypass, or fingerprint spoofing against centralized exchanges. We do not, and we will not. MoonHydra trades on public Solana DEXes that have no fingerprint surface to spoof — and we will not bolt on features whose only use case is hostile automation against another platform.
Have a feature we should never ship?
Send the case to security@moonhydra.com. Strong arguments — especially security ones — get added here with credit.
Ready to summon your first Hydra Head?
It takes 30 seconds. No KYC. No deposits. Generate a burner wallet, fund it with SOL, paste a contract address.
Open in Telegram