Where the bot actually trades from

Your wallet (mnemonic in MetaMask or a hardware wallet) owns a 0x… address. That address holds USDC on Hyperliquid. The bot reads positions and signs orders against that account using a delegated agent wallet — a separate keypair you approved from your main wallet via the in-app wizard.

At no point does Botely hold funds, custody your mnemonic, or have unilateral access to anything beyond placing/cancelling orders. The Hyperliquid protocol restricts agent wallets to trading-only actions (no withdrawals, no transfers); Botely's server-side code further restricts the agent to ETH-USD, SOL-USD and BNB-USD only.

A strategy signal fires (e.g., ETH long on v6.4). The bot composes a place-order action for ETH-USD on your Hyperliquid account with the size and price the strategy chose. It signs with the agent wallet's private key (held server-side, AES-256-GCM-encrypted) and submits to Hyperliquid's exchange endpoint.

The chain verifies the signature, checks the agent wallet's whitelist (this op must match: place order, on ETH/SOL/BNB, on main account, with this key's public part). If all clauses pass, the order is accepted and matched against the orderbook. Your account's USDC position becomes an ETH position.

Withdrawing funds from the main account: only your owner mnemonic can sign withdrawal action. The agent wallet cannot.

Adding/removing agent wallets: only your owner mnemonic. Botely's wizard asks for your signature each time.

Disabling the bot: the bot toggle in /app/settings stops the bot from placing NEW orders. The bot itself can't stop following its own logic, but you can stop it via this toggle or by removing the agent wallet from the .env.