Security at HYPX
Last updated: March 2026. HYPX is trading automation software built by Huzzah Labs Limited. Security and permission boundaries are core to the product.
Non-Custodial Architecture
- HYPX never holds your funds. All assets remain on Hyperliquid under your wallet address.
- Trade-only agent permissions: HYPX uses Hyperliquid's native agent wallet system. The agent can open and close trades — it cannot withdraw, deposit, or transfer funds.
- Protocol-level enforcement: these permissions are enforced by Hyperliquid at the smart contract level, not by HYPX application code. Verifiable on-chain.
- No private key storage: your main wallet private key is never sent to or stored on HYPX servers.
Authentication
- Passkey-first: Face ID, Touch ID, or hardware security keys. No passwords to forget, phish, or brute-force.
- Privy-powered: authentication is handled by Privy (Google, email, passkey providers) with server-side JWT validation on every protected endpoint.
- No SMS 2FA: we avoid SMS-based authentication due to SIM-swap risk. Passkeys are cryptographically bound to your device.
- Session management: tokens are short-lived and validated server-side. Expired sessions require re-authentication.
Infrastructure
- Encrypted in transit: all traffic is served over HTTPS/TLS. No unencrypted connections are accepted.
- Database encryption: PostgreSQL with encrypted connections. Sensitive data (agent keys) stored separately from application data.
- Firewall & access control: servers are hardened with UFW, fail2ban, and SSH key-only access. No password-based SSH.
- Isolated environments: production, pre-production, and staging environments are fully separated.
What HYPX Can and Cannot Do
✅ Can
- Place trades on Hyperliquid
- Close positions
- Read account balances and positions
- Send trade notifications
❌ Cannot
- Withdraw funds
- Deposit funds
- Transfer to external wallets
- Access your main wallet private key
- Modify Hyperliquid account permissions
Risk Notice
HYPX is trading automation software, not financial advice. Trading cryptocurrency involves substantial risk of loss, including total loss of capital. Past performance and backtests are not guarantees of future outcomes. Only trade with capital you can afford to lose.
Report a Vulnerability
If you discover a security vulnerability, please email security@hypx.app. We take all reports seriously and will respond within 48 hours.