Sodot Launches Exchange API Key to Secure Automated Institutional Crypto Trading

Crypto exchange hacks rarely start on-chain. They start quietly, off-chain, with a leaked API key.

That weak spot has already cost the industry billions. From Safe-related breaches tied to Bybit, to incidents involving Swissborg and Dimo, attackers keep exploiting the same opening: poorly governed exchange API keys that sit outside traditional custody systems but still control real money.

Sodot wants to shut that door.

The self-hosted crypto key management company has announced the general availability of its Exchange API Vault, a system designed to secure exchange API keys used by institutional trading firms on centralized exchanges. The product targets a growing blind spot in crypto infrastructure, one that links off-chain access failures directly to on-chain losses.

Institutional trading teams run hundreds of automated strategies across exchanges, venues, and service providers. Each system depends on API keys that execute trades, move funds, and manage liquidity around the clock. As those environments scale, key sprawl follows. Risk compounds quietly, often unnoticed, until a single compromised credential cascades into a full-scale breach.

The Bybit incident in February 2025 put that risk into stark focus. A North Korean hacking group gained access through Safe{Wallet}, deployed malicious code, and drained roughly 400,000 ETH, valued at $1.46 billion at the time. The failure did not originate on-chain. It began with access control.

Sodot’s Exchange API Vault applies enterprise-grade security practices to private keys, enabling API key exchange without slowing trading systems that depend on low latency. The platform gives asset managers and market makers centralized control over key creation, permissioning, monitoring, and real-time enforcement. Trading teams can continuously observe key activities, apply policies from their own environment, and trigger runtime remediation if abnormal behavior is detected. That includes a built-in kill switch that can cut access instantly if compromise is suspected. Every action is auditable in real time.

One of the first firms to integrate the Exchange API Vault into live trading infrastructure is Flow Traders, a publicly listed global market maker active across digital assets and traditional markets. Flow Traders operates across dozens of major crypto exchanges, making API key governance a core operational concern rather than a background task.

“Solutions like Sodot’s Exchange API Vault contribute to the trust across the digital asset ecosystem, which is an important driver for broader adoption and its underlying technological innovation. We are actively leveraging and supporting such solutions to continue to advance capital markets,” said Laszlo Fodor, Head of Digital Assets Technology at Flow Traders.

The deployment allows Flow Traders to govern exchange API keys across venues without trading slowdowns, a requirement for firms running high-volume, automated strategies. The system manages sensitive keys across on- and off-chain activity, reducing operational friction without sacrificing performance.

“Flow Traders sets a high bar for how modern trading teams should operate. We’re proud to support that standard with our infrastructure products, and contribute to their important mission of driving efficiency and innovation across global financial markets,” added Ido Sofer, CEO of Sodot.

Sodot focuses on self-hosted cryptographic infrastructure, with products built around MPC and trusted execution environments. Its clients include firms such as eToro, Flowdesk, and Exodus, all operating at an institutional scale. Alongside the Exchange API Vault, the company offers Sodot MPC Infra, a self-hosted MPC system for building custodial and self-custodial crypto products without third-party dependencies.

As exchange access becomes more automated and fragmented, API keys have turned into one of crypto’s most exposed attack surfaces. Sodot is betting that tighter governance, direct control, and real-time visibility can close a gap that the industry has long ignored.

For a closer look at how the system operates in live trading environments, check out this video.