The open source library CCXT hides the "commission" code: your transaction rebate may be quietly taken away

The currency circle has exploded recently, and a blockbuster has been directly thrown into the home of quantitative trading. The open source library CCXT, known as the "Swiss Army Knife" of cryptocurrency quantification, was actually found to contain "little tricks" hidden in the core code. To put it bluntly, it is that under your nose, it unknowingly takes the exchange commission rebate that should belong to you and puts it into your own pocket.

It's like you found a free housekeeper, only to find out that he takes a commission from your utility bill every month, and you were kept in the dark. Countless developers and trading teams who rely on this "free artifact" are scared to death: It turns out that if you trust this thing, the price has already been marked behind it.

What is CCXT? "Top stream" with 36,000 stars on Github

CCXT (CryptoCurrency eXchange Trading Library) It can be said that no one knows it among the brothers who are engaged in quantification in the currency circle. It is an open source tool library that provides programmers with a unified interface that allows them to easily connect to hundreds of cryptocurrency exchanges around the world.

Imagine that you have to operate the accounts of several exchanges such as Binance, OKX, and Bybit at the same time. The API rules of each exchange are different, which makes it difficult to write. The role of CCXT is to help you standardize these messy interfaces. You only need to learn a set of CCXT rules to handle all the troubles of placing orders and inquiries on all exchanges.

It supports several programming languages such as Python, JavaScript, and PHP, and has been popular since 2016. According to the report, the Python version alone has been downloaded more than 93 million times and has accumulated more than 36,000 stars on Github. It is definitely one of the most popular basic tools in the field of quantitative trading.

"Secret Business Experience": Hard-coding Broker ID to steal user commissions

So what's the problem?

At the end of May this year, a blogger (@sunlc_crypto) broke the news on social media, saying that when he used CCXT to trade, he found something wrong with the commission rebate. When he checked the source code, he found that in the adapter codes of mainstream exchanges such as OKX, Binance, Bybit, Bitget, and Hyperliquid, CCXT had its own "Broker ID" written in advance.

**What does this mean? ** When you trade through the exchange's API, if you register through a link to a "broker" (such as a rebate agent), part of the handling fees generated by your transaction will be returned to that broker as rebates. This Broker ID is used to identify the broker.

CCXT fills in its own Broker ID in the code by default. This means that if you use its code directly without manually deleting or changing the ID to your own, then the rebate generated by your transaction will automatically flow into the pocket of the CCXT project.

According to estimates by the whistleblower, CCXT may have "stolen" approximately US$15,000 in rebates in just three exchanges, Hyperliquid, KuCoin, and Bybit, in two months. Based on this calculation, over the years, its hidden income may reach the level of tens of millions or even hundreds of millions of dollars**. This is not a small amount of money, it is enough for many old leeks to buy the bottom and stop their losses!

From "optional" to "default": an elaborate "free" trap

Looking through history, CCXT may have been planning this move since 2018. 最初有用户建议可以增加一个“可选”的推荐ID，来支持CCXT的开发。 This would have been a good idea, with users voluntarily choosing whether to support it with their code.

But later, this “optional” item gradually became the “default” hard-coding in the codes of many mainstream exchanges. And it is written so secretly that most users will not notice it at all. Until the incident, almost no one in the community discussed this issue.

CCXT was rather careless in its disclaimer, saying that its funds come from rebates from the exchange’s API agency program. But this is like hiding key information in Article 500 of a thick user agreement. How many people will read it carefully? We people in the currency circle are all eager to rush in and move bricks to make quick money.

Warning to all traders: There is no free lunch

This incident has sounded a wake-up call to all of us currency players, especially those who engage in quantification and trade with APIs:

Beware of the price of “free”: The most expensive thing is often “free”. Open source software maintenance requires costs, but if the profit model is opaque or even deceptive, it will deviate from the spirit of open source. Don't think you've got the wool. In fact, you are the sheep.
Keep an eye on your own rights and interests: Whether you are using CCXT or other tools, when it comes to core interests such as funds and rebates, you must carefully check the key parameters**. Don't trust any "authoritative" tool. The currency industry is so deep that you need to be cautious.
Rebates are a lot of money: For high-frequency traders, the long-term accumulation of commission rebates is a very considerable income. Don't think "you don't care about this small amount of money". If you accumulate a little money, it may be the core of your profit. When the market fluctuates, commission rebates can help you withstand the pain of inserting needles.

How to ensure the safety of your rebate? Start from the source

To put it bluntly, the most fundamental guarantee is to lock in your rebate rights from the moment you register for the exchange.

If you haven't registered with these mainstream exchanges, or want to check whether your account has enjoyed the highest commissions, the best way is to register or bind through trusted channels using exclusive invitation codes that provide high commissions**.

In this way, the rebate ratio is clearly written in black and white. You are your own "agent", and the income is directly pocketed. There is no need to worry about being "cut off" by any third-party tool. Save worry and effort, and earn more, why not?

🔐 Safely register for regular exchanges and lock in your permanent commissions

Instead of checking your code after the fact, choose the right entry point beforehand. Choosing a formal, licensed first-tier exchange and registering through a reliable rebate platform is the first step to protect your funds and income. We only promote regular licensed exchanges and will never be a pheasant platform. Safety comes first!

The following are the official secure registration links and the highest authority rebate invitation codes of several top exchanges that I have compiled for you. Use these links to register, and you can directly get permanent fee discounts/rebates. All operations are open and transparent, and there is no trickery:

Binance - The world’s largest exchange
Exclusive invitation code: LULALA
Secure registration link: Click here to register directly
Rebate discount: permanently enjoy 20% handling fee discount
OKX - The leading Web3 trading platform
Exclusive invitation code: LULALA
Secure registration link: Click here to register directly
Rebate discount: permanently enjoy 20% handling fee discount
Bybit - Well-known contract trading platform
Exclusive invitation code: ODXBWMN
Secure registration link: Click here to register
Rebate discount: permanently enjoy 20% handling fee discount
Bitget - the leading copy trading platform
Exclusive invitation code: lu8888
Secure registration link: Click here to register directly
Rebate discount: permanently enjoy 20% handling fee discount
Gate.io (Open Sesame) - a long-established international exchange
Exclusive invitation code: UQJBUVo
Secure registration link: Click here to register directly
Rebate discount: permanently enjoy 30% handling fee discount

Important reminder: Please be sure to register through the above official secure link, and do not use those download sites or QR codes from unknown sources to strictly prevent asset risks. Only choose regularly licensed large exchanges and stay away from any "pheasant platforms", which is the first line of defense to protect your principal. Remember, safety is more important than anything else!

If you are a developer or advanced trader

For those who need to use APIs for quantitative trading, before calling any open source library (including CCXT), please be sure to:

Carefully read its configuration documents about broker (Broker) or rebate (Rebate), don’t be lazy.
When initializing the code, clearly specify or clear the key parameters brokerId and referralId, and set it to the API agent ID you applied for on the exchange.
Consider using AI code assistance tools to review the source code of key dependent libraries to ensure there are no "surprises". We have to use technology to defend ourselves against technology, so we don’t get scammed and help people make money.

To summarize: The CCXT incident exposed not only code problems, but also a reflection on the trust model. In the cryptocurrency world, transparency is more important than anything else. Whether you are choosing an exchange or a tool, clear rules, clear terms, and guarding your core interests are the keys to long-term survival. From the moment you register, you are responsible for every rebate you earn, and don’t let the disguise of “free” eat up your real profits. We old leeks must learn to be smarter and not get ourselves involved while shearing wool.

The CCXT open source library hides the "commission" code: your trading rebates are being quietly stolen, Lao Liek teaches you how to keep profits