Halal crypto bot explained: how HalalCrypto works end-to-end
By HalalCrypto Research Team · Published 2026-04-26 · Updated 2026-04-26
On this page
The six AI agents
The system is organised as six cooperating agents, each with a single responsibility. Decoupling responsibilities is what allows us to update one agent without disturbing the others — for example, refining the Signal Engine without touching the Halal Filter — and what makes the Halal Filter's veto authority absolute.
Agent 1
Signal Engine
Identifies high-probability setups using rolling volatility, volume profile, structural breakout detection, and a learned classifier trained on multi-year spot data. Outputs candidate trades with a confidence score and a recommended notional size.
Agent 2
Halal Filter
Checks every candidate against the four-gate AAOIFI-aligned framework. Rejects any signal on a coin currently failing any gate. The Halal Filter has absolute veto authority — no signal, however high-confidence, proceeds without its approval.
Agent 3
Risk Engine
Sizes the surviving signals against current portfolio heat, tier-specific concurrency caps, and rolling 14-day ATR of the candidate coin. Vetoes any trade that would push portfolio heat above its tier's cap. Outputs a final order ticket with size, stop, and target levels.
Agent 4
Sanctions Screen
Cross-checks the order ticket against OFAC, UN, EU, and equivalent sanctions lists in real time. Refreshes daily. Vetoes any order against a sanctioned coin or counterparty. This is a hard regulatory gate as well as a Shariah-aligned one.
Agent 5
Execution Layer
Places the spot order against the user's exchange (Binance, Bybit, OKX, or Kraken depending on tier) using the encrypted API key. Registers the stop-loss and take-profit triggers on the exchange. Confirms fill, then notifies the Observability Layer.
Agent 6
Observability Layer
Reconciles exchange state with internal state, computes performance metrics, and generates the user-facing dashboard. Surfaces anomalies (stale orders, unexpected balance changes, exchange API errors) to the operations team. Sends weekly summary emails to users.
Trade lifecycle
From candidate setup to closed position:
- Signal Engine emits a candidate (e.g. "ETH-USDT, breakout, confidence 0.78").
- Halal Filter checks ETH against the four-gate framework. Passes.
- Risk Engine sizes the position based on current equity, ETH's 14-day ATR, and remaining tier heat. Outputs order ticket.
- Sanctions Screen confirms ETH is not sanctioned. Passes.
- Execution Layer places the spot buy order on the user's exchange via the encrypted API key. Stop-loss at -2%, target triggers at 3%/5%/pyramid.
- Order fills. Observability Layer logs the fill, updates the dashboard.
- Exit triggers monitor continuously. First trigger to fire (3% in 4h, 5% in 1h, pyramid extension, or -2% stop) closes the position.
- Observability Layer logs the close, recalculates portfolio heat, and frees capacity for the next signal.
Total elapsed time from signal emission to order placement is typically under 2 seconds. Total elapsed time from order placement to fill is exchange-dependent (typically under 1 second on Binance for our routing sizes).
Where data lives
Three distinct data domains, each with its own storage and access controls.
- Trade and portfolio data: per-user trade history, position state, and performance metrics. Stored in our application database, encrypted at rest, region-isolated. Accessible only via authenticated dashboard sessions.
- Customer-identifying data: email, billing details, account preferences. Segregated from trade execution data. Accessed only by the dashboard and billing services.
- API key vault: exchange API keys for every connected user. Hardware-backed, encrypted with per-user keys derived from a master HSM key, accessible only to the Execution Layer at trade time.
We do not share data with marketing partners, analytics providers, or third-party services beyond what is operationally necessary. Sentry-style error logs strip identifiers and never log API keys or trade-specific dollar amounts.
Where keys live
Exchange API keys are the most sensitive data we hold. They are stored in a hardware-backed key vault separate from the application database. Encryption is AES-256-GCM with per-user encryption keys derived from a master HSM key.
The Execution Layer reads a user's key on demand at trade time, decrypts in memory, places the order, and discards the plaintext immediately. The key never appears in logs, never crosses an external service boundary, and never persists in plaintext anywhere on disk.
We additionally require that withdrawal permissions be disabled on the key. With withdrawals off, even a worst-case scenario — full compromise of our infrastructure — cannot result in user funds leaving the exchange. The bot's authority is bounded by the API key's permissions, and those permissions exclude the only operation that could move funds.
How exits work
Every position has four possible exit conditions, evaluated continuously by the Execution Layer:
- 3% target in 4 hours: base case. Limit-sell order at +3% from entry, GTC.
- 5% target in 1 hour: fast-momentum case. Triggered exit at +5% within 60 minutes of entry.
- Pyramid extension: partial profit at 3%, trail the remainder. Trail tightens with position age.
- -2% hard stop: stop-loss order placed at trade entry, registered on the exchange.
All four are registered as orders on the exchange itself, not just in the bot's internal state. That means the exchange enforces them even if our infrastructure goes down — your stop will trigger regardless. Resilience comes from defence in depth, not from any single component.
How re-screens work
Halal screening is not a one-time check. The Halal Filter re-evaluates every coin on every trade decision against the latest gate state. Beyond that, three triggers fire event-driven re-screens:
- Continuous Gate 1 monitoring: any major tokenomics, governance, or revenue-mix announcement triggers immediate re-screen by the screening committee within 48 hours.
- Quarterly Gate 2 refresh: on-chain treasury data and reserve attestations recomputed every quarter.
- Daily Gate 4 refresh: sanctions lists pulled and matched daily.
If a coin transitions from pass to fail and you currently hold a position in it, the system suspends new entries immediately and unwinds the existing position in an orderly manner — typically over the next available exit window rather than a forced market dump. You receive an email notification within 24 hours explaining what changed, why the verdict shifted, and what the unwind looked like.
Frequently asked questions
Are my exchange API keys safe?
Keys are encrypted at rest with AES-256-GCM, never logged in plaintext, and never sent to external services. The execution layer reads them on demand from a hardware-backed key vault and discards them after each call. We additionally require that withdrawal permissions be disabled on the key, so even a complete compromise cannot result in funds leaving your account.
How does the bot decide what to trade?
The Signal Engine identifies high-probability setups using rolling volatility, volume profile, and structural breakout detection. The Halal Filter rejects any signal on a coin that fails our four-gate screening. The Risk Engine sizes the surviving signals against current portfolio heat. Whatever passes all three reaches the Execution Layer.
What if the bot loses internet connection?
Existing positions retain their stop-loss and take-profit orders on the exchange, which the exchange enforces independently. The bot will not open new positions during disconnection. When connection restores, the Observability Layer reconciles the state and resumes within a few seconds.
How often are positions re-screened?
Every position is checked against the halal filter on every trade decision. If a coin's screening status changes mid-position (a Gate 1 or Gate 4 failure), the system unwinds the position in an orderly manner regardless of P&L. Customer email goes out within 24 hours.
Where does the data live?
Trade history, performance data, and portfolio state live in our application database (encrypted at rest, region-isolated). API keys live in a separate hardware-backed key vault. Customer-identifying data is segregated from trade execution data and accessed only by the dashboard layer.
Can the bot ever go rogue?
No. The Execution Layer is bounded by tier-specific concurrency caps and per-trade size limits enforced in code. The Halal Filter cannot be bypassed by any signal. The API key permissions exclude derivatives and withdrawals. There is no scenario in which the bot can place a non-halal trade or move funds off the exchange.
Citations
- AAOIFI Shariah Standards — primary screening reference.
- Saudi Permanent Committee for Scholarly Research and Ifta — fatawa informing operational design.
- Al Rajhi Bank Shariah Board — public reviews informing infrastructure constraints.
Continue reading
Other cornerstone guides in this series.
Is crypto halal?
The full Shariah picture — riba, gharar, maysir, and how spot trading earns a permissive verdict.
Halal trading strategy
Asymmetric multi-X targeting (3% in 4h, 5% in 1h, pyramid). No scalping, no leverage.
AAOIFI-aligned screening
Our framework follows AAOIFI standards, with Saudi Permanent Committee and Al Rajhi Shariah guidance.
Why not derivatives, futures, margin
Why every leverage product, perp, and option is structurally excluded from every tier.
Halal crypto vs halal stocks
Where crypto fits next to halal equity portfolios — volatility, liquidity, and screening differences.
Halal crypto vs cash
Inflation, opportunity cost, and the case for putting some halal capital to work.
Run the full bot
Multi-X tier — all six agents at maximum concurrency. $99/month.
Start with Multi-X — $99/mo