PredictEngine Wallet Security: How Your Funds Stay Safe
Learn about the security architecture behind PredictEngine wallets, including encryption, access controls, and best practices for keeping your funds safe.
1How PredictEngine Wallets Work
When you create a PredictEngine account, the platform automatically generates a dedicated Polygon wallet for your Polymarket trading. This wallet is created and managed server-side, meaning you do not need to install MetaMask or any other wallet extension. The wallet is exclusively yours and is used solely for executing your bot trades and managing your Polymarket positions.
Your wallet private key is encrypted using AES-256 encryption before being stored in the database. The encryption key is held separately from the database, ensuring that even if the database were compromised, the encrypted private keys would be useless without the corresponding encryption key. This defense-in-depth approach provides multiple layers of security.
PredictEngine never exposes your private key to the frontend or to any third party. All transaction signing happens server-side in a secure environment. When a bot needs to execute a trade, the server decrypts the private key in memory, signs the transaction, and immediately discards the decrypted key. This minimizes the window during which the raw key exists in memory.
2Encryption and Key Management
The AES-256 encryption standard used by PredictEngine is the same algorithm used by governments and financial institutions to protect classified and sensitive data. It is considered computationally infeasible to break with current or foreseeable technology. Each wallet key is encrypted with a unique initialization vector, ensuring that even identical private keys would produce different ciphertext.
The master encryption key is stored in a separate, access-controlled environment from the database. Access to this key is strictly limited to the production server processes that need it for transaction signing. No human, including PredictEngine team members, has routine access to the decrypted private keys.
PredictEngine infrastructure runs on Google Cloud Platform with enterprise-grade security including encrypted disks, network isolation, and IAM access controls. All communication between the frontend and backend is encrypted with TLS, and security headers including HSTS, CSP, and X-Frame-Options are enforced on every response.
Ready to Start Trading?
PredictEngine lets you create automated trading bots for Polymarket in seconds. No coding required.
Get Started Free3Access Controls and Authentication
User authentication is handled through Clerk, a dedicated authentication service that implements industry best practices including secure password hashing, session management, and optional two-factor authentication. Every API request to PredictEngine is verified against your Clerk session, ensuring that only you can control your wallet and bots.
Withdrawal operations require additional verification steps beyond standard authentication. This prevents unauthorized fund withdrawals even if your session token were somehow compromised. PredictEngine also implements rate limiting on sensitive operations to prevent brute-force attacks and automated exploitation attempts.
Pro Tip: Regular Security Hygiene
Review your PredictEngine account activity weekly. Check your recent trades and bot activity for anything unexpected. If you notice any unauthorized activity, change your password immediately and contact PredictEngine support.
4Best Practices for Users
While PredictEngine implements robust security on the platform side, your account security also depends on your own practices. Use a strong, unique password for your PredictEngine account. Enable two-factor authentication through Clerk for an additional layer of protection. Never share your account credentials with anyone, including people claiming to be PredictEngine support staff.
Be cautious of phishing attempts. PredictEngine will never ask for your password via email, Discord, or Telegram. Always access the platform by typing predictengine.ai directly into your browser rather than clicking links from emails or messages. If you receive a suspicious communication claiming to be from PredictEngine, report it to the support team.
Keep your deposit amounts appropriate for your trading needs. While PredictEngine wallets are secure, the general principle of not keeping more funds on any platform than you actively need for trading is sound risk management. Withdraw profits periodically to your personal wallet for long-term storage.
5Incident Response and Transparency
PredictEngine maintains a comprehensive incident response plan for security events. The platform uses continuous monitoring to detect unusual activity patterns such as abnormal withdrawal volumes or unexpected API access patterns. Any detected anomalies trigger immediate investigation and, if necessary, temporary suspension of affected operations to prevent potential damage.
The PredictEngine team is committed to transparency regarding security matters. Any significant security events or vulnerabilities would be communicated to affected users promptly with clear explanations and recommended actions. This commitment to honest communication builds the trust that is essential for a platform managing user funds.
Frequently Asked Questions
Can PredictEngine team members access my wallet?
No. Private keys are encrypted with AES-256 and the decryption process is automated and restricted to the production trading engine. No team member has routine access to decrypted private keys.
What happens to my funds if PredictEngine goes down?
Your funds exist on the Polygon blockchain and are not dependent on PredictEngine servers being online. In an emergency, PredictEngine would provide users with the means to access their wallets directly.
Should I enable two-factor authentication?
Absolutely. Two-factor authentication significantly reduces the risk of unauthorized account access and is strongly recommended for all PredictEngine users.