Stalker Trading

Download

Key Safety Considerations

Stalker is designed to give users control over their trading setup while keeping sensitive information local to their own device. This page outlines important safety practices for using the app responsibly.

Please review these recommendations before connecting exchange accounts, entering Polymarket credentials, or enabling live trading.

First and Foremost

Only download Stalker from our official website.

We do not distribute Stalker through app stores, file mirrors, forums, Telegram groups, Discord servers, GitHub releases, third-party marketplaces, or “cracked software” sites.

Any installer, build, archive, update, license tool, or modified version found anywhere other than the official Stalker website should be treated as fraudulent and meant to steal your credentials and keys.

Installing Stalker from an unofficial source can expose your machine, exchange API keys, wallet credentials, and funds to serious risk. Fake builds may contain malware, keyloggers, credential stealers, or altered trading logic designed to compromise your accounts.

If you are not on the official Stalker website, do not download it. If you already did, delete it, revoke any API keys or wallet credentials you entered, and start over from the official site.

Exchange API Permissions

When connecting an exchange account to Stalker, create a new API key specifically for this app.

Stalker does not need withdrawal permissions or transfer permissions. These should remain disabled.

Only enable the permissions required for the app to function, such as:

  • Reading balances and account information
  • Reading market data
  • Placing buy and sell orders

Do not enable:

  • Withdrawals
  • Transfers
  • Internal transfers
  • Funding permissions
  • Account management permissions
  • Any permission unrelated to reading account data or placing trades

If your exchange offers additional API security controls, such as IP restrictions, subaccounts, or spending limits, consider using them.

Use Dedicated API Keys

Do not reuse API keys from other apps, bots, scripts, or services.

Create dedicated API credentials for Stalker on each exchange you connect. This makes it easier to manage access and revoke credentials later if needed.

If you stop using Stalker, you should revoke the API keys directly from your exchange account.

Consider Using a Separate Exchange Account

For an added layer of safety, consider using an exchange account that is not your primary trading account.

For example, if your main trading account is on Kraken, you may choose to use Gemini for Stalker. If your main trading account is on Gemini, you may choose to use Kraken or another supported exchange.

This helps keep your primary trading activity separate from automated trading activity.

Only fund the connected exchange account with the amount you intend to use with the bot.

Polymarket Wallet Safety

When using Stalker’s Polymarket trading or copy-trading features, it is strongly recommended that you do not use your main Polygon wallet.

For Polymarket trading, the app requires you to enter your wallet private key and related Polymarket credentials so it can place trades on your behalf. This information is sensitive. Your information is encrypted locally on your device and is never communicated to our servers.

Best practice is to create a fresh MetaMask wallet specifically for Stalker / Polymarket activity and fund it only with the amount you intend to trade.

Recommended setup:

  • Create a new MetaMask wallet
  • Use it only for Stalker / Polymarket trading
  • Fund it only with what you intend to trade
  • Do not use your main Polygon wallet
  • Do not use a wallet holding long-term assets, NFTs, or unrelated funds
  • Do not reuse a private key from an important wallet

Keeping your main wallet separate reduces risk.

Local Credential Storage

Sensitive credentials are encrypted and stored locally on your device.

Depending on your setup, this may include:

  • Exchange API keys
  • Exchange API secrets
  • Polymarket credentials
  • Polygon wallet private keys used for Polymarket trading
  • Local trading configuration data

These credentials are not sent to Stalker servers.

Stalker cannot view, recover, reset, or retrieve these credentials for you. If you lose access to locally stored credentials, you may need to revoke and recreate them through the relevant exchange, wallet, or service provider.

Even though credentials are encrypted locally, it is still important to follow good security practices.

Set a Strong App Password

Use a strong, unique password for the Stalker app.

Your app password is not only used to access the app. It is also used as part of the encryption and decryption process for sensitive local data stored on your device.

This means your app password helps protect locally stored credentials such as exchange API keys, API secrets, Polymarket credentials, and wallet private keys used for Polymarket trading.

A weak or reused app password can weaken the protection around that encrypted data.

Do not reuse:

  • Your exchange password
  • Your email password
  • Your wallet password
  • A password used for another app or service

Use a long, unique password. A password manager is recommended.

Stalker cannot recover or reset this password in a way that restores access to your encrypted local credentials. If you lose access, you may need to revoke and recreate credentials through the relevant exchange, wallet, or service provider.

Reauthentication and Timeout Protection

Stalker requires authentication when you log in and after timeout periods.

This helps protect the app if your device is left open or unattended. However, timeout protection should be treated as one layer of safety, not a replacement for securing your device.

You should also:

  • Lock your computer when stepping away
  • Use a strong operating system login password
  • Keep your operating system updated
  • Use disk encryption where available
  • Avoid running Stalker on shared, public, or untrusted devices

Protect Your Device

Depending on your configuration, Stalker may store multiple encrypted credentials across exchanges, wallets, and integrations.

For that reason, the device running Stalker should be treated as sensitive.

Do not leave your device unlocked and unattended. Do not allow other people to use your operating system account. Do not install the app on public computers, shared machines, or devices you do not control.

If you believe your device may be compromised, stop using live trading, revoke your exchange API keys, and move funds away from any connected wallets or accounts as appropriate.

Never Share Credentials

Never share sensitive credentials with anyone.

This includes:

  • Exchange API keys
  • Exchange API secrets
  • Exchange passwords
  • Polymarket credentials
  • Wallet private keys
  • Seed phrases
  • App passwords
  • License credentials
  • Screenshots showing sensitive information

Do not send credentials through email, chat, social media, support tickets, screenshots, screen shares, or direct messages.

Stalker support does not need your exchange API secret, wallet private key, seed phrase, exchange password, or withdrawal-enabled API credentials.

Uninstalling Stalker

If you stop using Stalker, fully uninstall the app from your device.

Do not only delete a shortcut or remove the app icon. Use the proper uninstall process for your operating system so local app data and encrypted sensitive files are removed.

After uninstalling, you should also revoke any credentials created for Stalker.

Recommended steps:

  1. Stop the bot.
  2. Disable live trading.
  3. Revoke Stalker API keys from each connected exchange.
  4. Move or secure funds from any dedicated bot exchange account, if desired.
  5. Stop using or retire any dedicated Polymarket wallet, if desired.
  6. Fully uninstall Stalker from your device.
  7. Confirm local app data has been removed if your operating system allows it.

Impersonation and Phishing

Stalker will never contact you unexpectedly asking for credentials, private keys, seed phrases, passwords, API secrets, wallet access, remote access, or payment outside the official website.

Stalker will not:

  • Call you asking for account access
  • Send unsolicited messages asking you to verify a wallet
  • Ask for your private key by email or direct message
  • Ask for your seed phrase
  • Ask for withdrawal-enabled API credentials
  • Ask for remote access to your computer

Official support is handled through the support system on the Stalker website.

If someone claims to be from Stalker and asks for sensitive information, do not reply, do not click links, do not install software, and do not share anything.

If you are unsure whether a message is legitimate, contact Stalker directly through the official contact page or support page.

Report Abuse

If someone is impersonating Stalker, sending phishing links, pretending to offer support, or asking users for credentials, please report it through the official website.

When reporting abuse, include any useful details you can safely provide, such as:

  • The message you received
  • The sender name or handle
  • The platform where it occurred
  • Screenshots
  • Suspicious links copied as plain text

Do not click suspicious links to investigate them.

Final Safety Checklist

Before using Stalker live, review the following:

  • Create dedicated API keys for Stalker
  • Disable withdrawal permissions
  • Disable transfer permissions
  • Limit exchange API permissions to read and trade only
  • Consider using a separate exchange account from your main trading account
  • Fund connected accounts only with what you intend to trade
  • Do not use your main Polygon wallet for Polymarket
  • Use a fresh wallet for Stalker / Polymarket activity where possible
  • Set a strong, unique app password
  • Keep your device secure and password-protected
  • Do not share credentials with anyone
  • Know how to revoke API keys if needed
  • Fully uninstall the app if you stop using it

Automated trading involves risk. These practices help reduce avoidable security risk while keeping you in control of your setup.