CCXT Open Source Library Hides Rebate Code Causing Controversy

Recently, the widely popular open source quantitative trading library CCXT in the cryptocurrency field has been exposed for hiding a little-known mechanism in its core code. By presetting rebate IDs, the software transfers the exchange fee rebate income that originally belongs to users without their knowledge.

This revelation has sparked widespread attention, revealing not only the potential hidden business models behind open source projects but also making many developers and trading teams who rely on its convenience realize that seemingly free tools may have quietly charged high fees.

CCXT is a highly regarded Open Source software library in the field of cryptocurrency trading, providing developers, traders, and analysts with a unified interface to connect and operate numerous cryptocurrency exchanges worldwide. The project dates back to 2016 and supports multiple programming languages, including JavaScript, Python, PHP, C#, and Go, greatly expanding its applicability.

By using CCXT, users can conduct market analysis, develop indicators, engage in algorithmic trading, backtest strategies, and perform various other functional developments. Currently, CCXT supports over 100 cryptocurrency exchanges, covering almost all mainstream platforms. On Github, CCXT has over 36,000 stars, making it more popular than many well-known open source projects in the financial sector. According to reports, CCXT's cumulative downloads on the official Python package manager PyPI have exceeded 93 million times, reflecting the vast number of quantitative traders and development teams globally utilizing this tool.

However, behind the widespread acclaim, CCXT hides a secret. Some users have discovered that CCXT has preset its own broker ID in the source code of multiple exchanges, resulting in most rebate fees being collected by CCXT without users being aware or modifying it. This practice has sparked doubts and discussions within the community.

By examining the Open Source code of CCXT, it can be found that there is indeed a default brokerId in the Python adapters for multiple mainstream exchanges. These parameters mostly exist in hard-coded form, and when users place orders directly using CCXT without explicitly setting or modifying the related options, these default broker IDs will be sent along with the request, attributing potential fee rebates to the account provided by CCXT.

This practice may have originated as early as 2018. The early CCXT offered a paid Pro subscription service, which later switched to a free model. At that time, some users suggested adding an optional referral ID to support CCXT, but this suggestion was mainly aimed at rewards for referral registrations and provided an optional choice. However, over time, CCXT seems to have expanded this mechanism to more exchanges and adopted a more covert encoding method.

After the incident was exposed, different voices emerged within the community. Some believe that as professional traders, one should not be overly concerned about these transaction fee rebates, while others argue that since it is open source code, the failure to discover and modify these settings during use is the user's own issue. However, considering the widespread use and good reputation of CCXT, this hidden coding method indeed goes against the trust the community has in it.

As of now, the CCXT official has not made a positive response to this matter, its code is still being updated daily, but it has not made any modifications regarding the issue raised by the community.

This event has sounded the alarm for all users: in the game-filled realm of cryptocurrency, it is crucial to maintain necessary scrutiny and vigilance over any "free lunch." Carefully examining every line of "trust" code may be the most fundamental and critical line of defense in protecting one's own rights and interests. Because sometimes, the most expensive costs are precisely hidden beneath the guise of "free."