Non-custodial, explained: trading access without withdrawal rights
The single most important question to ask any asset manager: "Can you move my money out?" With a properly configured non-custodial setup, the answer is structurally no.
Custody is the real risk
Most losses in the digital asset world have not come from bad trades — they have come from bad custody. Exchanges that collapsed, funds that commingled client money, managers who simply left. Every one of those failures had the same root: someone other than the owner could move the funds.
How API permissions actually work
Every major exchange lets an account owner issue API keys with granular permissions. The three that matter:
- Read — see balances and order history. Harmless alone.
- Trade — place and cancel orders inside the account. This is all an arbitrage engine needs.
- Withdraw — move funds out. This permission is never granted. Ever.
The separation is enforced by the exchange's own infrastructure. A key issued without withdrawal permission physically cannot sign a withdrawal request — no matter who holds it.
What this means in practice
When Plutus deploys its arbitrage system on a client's account, the client creates the API key themselves, with trade-only permissions, and can revoke it at any moment from their own exchange dashboard. The engine executes around the clock; the client retains complete, unilateral control of the capital at all times.
Profit generation and fund custody are fully decoupled. That is the entire point.
Checklist before trusting any system
- You create and own the API key — not the manager.
- Withdrawal permission is disabled at the exchange level.
- You can revoke access instantly, without anyone's approval.
- Reporting shows every executed order, not just summaries.