Polymarket Bot Custody Explained: Safe Wallets, Session Keys, and Who Really Holds Yours

Last updated · methodology · changelog

Every Polymarket bot says some version of 'your funds are safe.' The claims are not equivalent. This guide sorts the five custody architectures actually in use, what key export does and doesn't get you, and the questions that separate documented designs from slogans.

Why custody is the first question

An automated bot must be able to sign orders for you at any hour — that’s the product. The entire custody question is how it gets that signing power: by holding your key outright, by holding a constrained permission, or by never touching a key at all. The answer determines what happens if the service is compromised, shuts down, or acts against your interests. It’s why security and custody carry the heaviest weight in how this site scores tools.

Self-custodial Safe wallets

The strongest documented pattern among automated bots: the service deploys a Gnosis Safe smart-contract wallet on Polygon that belongs to your account, and the bot operates it under defined permissions. PolyBot documents this model end to end — a per-user self-custodial Safe, a signer key exportable from Settings, and optional 2FA gating both withdrawals and export. Its docs are unusually blunt about the flip side: anyone holding that signer key controls the wallet, so the export you make is also the thing you must protect.

The honest limitation: “self-custodial” still involves software the vendor wrote creating and handling the key at setup. Documentation, candor about failure modes, and an export path are your evidence the design is what it claims — none of the tools in this niche has a third-party security audit.

Embedded wallets: Privy and Turnkey infrastructure

A related family outsources key handling to specialist infrastructure. Kreo documents Privy generating keys inside hardware secure enclaves, paired with Gnosis Safe wallets where the bot holds trading permissions only and cannot withdraw to external addresses. PolyCopy documents a different variant: you supply your existing wallet’s key, it’s encrypted in your browser, and it lives on Turnkey’s HSM infrastructure rather than the vendor’s servers, revocable the moment you disconnect.

These designs are credible, and Kreo’s trade-only permission is a genuinely strong control. Watch for the gaps, though: Kreo documents no key-export path anywhere we reviewed — so your exit route if the service vanishes is undocumented — and PolyCopy’s model puts your main wallet’s key into the system rather than an isolated trading wallet.

Session keys and server-held keys

Down the trust ladder are models where signing ability lives with the operator. The “session key” claim — PolyCop’s vendor materials say your key is generated and managed entirely within your Telegram session and never stored on a server — is hard to reconcile with the same vendor’s docs describing strategies that execute in the cloud 24/7 while you’re away. A third-party review flatly describes encrypted server-side storage. Nobody has audited it; both stories cannot be true.

Plain server-held keys are the model the ecosystem is moving away from. Independent research (Open Measures, July 2026) reported that PolyGun stores users’ private keys on its servers despite non-custodial branding — the gap between the marketing and the reported architecture being the red flag, more than either fact alone. Server-held keys concentrate three risks: a compromise can expose every user, an operator exit can strand funds, and the operator sees your order flow before the market does.

Wallet-connect terminals: the no-custody option

One category sidesteps the question: manual terminals like Betmoar connect to the wallet you already use on Polymarket. Funds stay in Polymarket’s Polygon contracts; no evidence suggests the terminal generates or stores keys at all. There’s almost nothing to trust — which is exactly why it’s the safest place for a beginner to learn, at the cost of having no automation: no copying, no server-side stops, nothing that works while you sleep. Our terminal comparison covers this category.

Questions to ask any bot before depositing

  • Where is the key generated, and where does it live afterward? “Non-custodial” is a claim; a documented architecture is an answer.
  • Can I export the key or recover funds without the vendor? If the docs don’t say, assume no.
  • Are the bot’s permissions scoped? Trade-only permissions (as Kreo documents) mean even a compromised bot can’t withdraw to an attacker’s address.
  • Is there 2FA on withdrawals and export? PolyBot and Kreo document it; most others don’t mention it.
  • Do independent sources agree with the vendor’s description? Where they conflict — as with PolyCop and PolyGun — weight the independent account and size accordingly.

The ranked list of bots that pass the strictest version of these questions lives at best non-custodial Polymarket bots.

Frequently asked questions

What does non-custodial actually mean for a Polymarket bot?

Strictly, that the operator cannot move your funds without you — because you hold the only key, or because a smart-contract permission limits the bot to trading only. Many bots use the label loosely, so check what is documented: independent research found at least one 'non-custodial' branded bot storing user keys on its servers.

What is key export and why does it matter?

Key export means you can extract the private key controlling your bot wallet and load it into MetaMask or another wallet. It is your exit route if the bot's interface disappears or the service shuts down. A self-custody claim without a documented export or recovery path leaves you dependent on the vendor's continued existence.

Which custody model is safest?

Least trust required: connecting your own wallet to a terminal, since no new key is created. Among automated bots, a per-user Safe with documented key export and trade-only permissions is the strongest documented pattern. Server-held keys require the most trust and have drawn the sharpest independent criticism.