Crypto + DeFi Trading AI — On-Chain Data + Automation Stack

What's in this pack

This is the stack for the crypto and DeFi trader who runs their own mix of CEX accounts, on-chain wallets, and the occasional LP position — and is tired of stitching together a TradingView chart, a Telegram bot, a Discord alpha leak, and a spreadsheet. Not a 50-link Anon list of 'AI alpha bots'. Every pick here does one specific job in the crypto trading loop: pull exchange data, run an automated strategy without losing the keys, backtest before you commit, audit the contracts you're about to interact with, track positions across CEX + cold wallets locally, and keep enough of a paper trail that tax season is one weekend instead of three.

The pack is built around one principle: AI accelerates the research and the boring ops; the signing key and the tax record stay yours. That's why the exchange layer is CCXT (open-source, you own the keys) instead of a SaaS bot platform. That's why the on-chain risk layer is two Claude Code agents (Smart Contract Auditor, Web3 Integration Specialist) reading code instead of paying for a 'safety oracle' API that goes down on the day you need it. And it's why the ledger is plain-text (Ledger) so you can hand a single file to a crypto-savvy accountant in April.

The five layers

• Data (exchange + on-chain) — CCXT — unified API across 100+ CEX/DEX venues; on-chain side handled in the Web3 layer.
• Trading (automation + algo strategy) — Freqtrade, Jesse — production-grade crypto bots, both open-source, both keep keys local.
• Backtest + research — Backtrader, TradingAgents, awesome-trading-agents — replay strategies honestly, let an LLM desk write the memo.
• Risk (smart-contract + Web3) — Smart Contract Auditor (Web3 Security), Web3 Integration Specialist — agents that read the contract before you approve the spend.
• Portfolio + tax — Wealthfolio, Ledger — local cold-wallet view + plain-text journal for cost-basis math at year end.

Install in this order (exchange data → automation → backtest → on-chain risk → portfolio + tax)

1. CCXT — Universal Cryptocurrency Exchange Trading Library — start here. CCXT is the unified Python/JS API across 100+ centralized exchanges (Binance, Bybit, Coinbase, OKX, Kraken, Bitfinex, Hyperliquid via adapters, etc.) and a growing set of DEXes. Use it in read-only mode first to fetch prices, order books, and your own balances. Only enable trading-scope keys after a long paper-trade window. This is the data + execution spine the rest of the trading stack reads from.
2. Freqtrade — Open-Source Crypto Trading Bot — the most-adopted open-source crypto bot. Strategy classes in Python, dry-run mode out of the box, hyperopt for parameter search, Telegram control bot. Run it in dry-run for at least 30 days before you flip a single live key. Bigger community than Jesse; easier to find strategy examples on GitHub. The trade-off is the strategy API is bulkier.
3. Jesse — Advanced Crypto Algo-Trading Framework — the crypto-native alternative to Backtrader. Cleaner strategy syntax than Freqtrade, accurate fee/slippage simulation, genetic optimizer, same code runs live. PostgreSQL backend for candle storage. Pick Jesse over Freqtrade when you care more about clean research code than community size; pick both and decide after a month if you can't.
4. Backtrader — Python Algorithmic Trading Framework — the general-purpose backtester. Even if you run Freqtrade or Jesse live, Backtrader is the second opinion on the backtest itself — if a strategy makes money in one framework but breaks in another, you've found a framework-specific bug, not alpha. Pair with CCXT for the data feed.
5. TradingAgents — Multi-Agent LLM Financial Trading Framework — a research-grade multi-agent setup that simulates an analyst desk (fundamentals, sentiment, news, technicals, risk). For crypto, the 'fundamentals' role morphs into protocol health (TVL, fee revenue, token unlocks); 'sentiment' is on-chain whale activity + CT noise. Use it the way you'd use a junior team: it produces a memo, you decide. Do not wire it to a live order ticket on day one.
6. awesome-trading-agents — Trading Agents + MCP List — the index. Curated list of trading agent frameworks and MCP servers worth tracking — useful when picking 5's actual configuration, and for finding crypto-specific MCPs (DEX aggregator, on-chain data, alt-data feeds) as new ones land. Bookmark, re-scan monthly.
7. Claude Code Agent: Smart Contract Auditor (Web3 Security) — the agent you point at any contract before you approve a spend or LP into a new pool. Reads Solidity/Vyper for re-entrancy, integer overflow, access control bugs, oracle manipulation patterns, and proxy-upgrade backdoors. Not a substitute for a professional audit on serious capital, but for retail position sizes it catches the obvious traps that lose money to copy-paste rug contracts.
8. Claude Code Agent: Web3 Integration Specialist — the agent that reviews the integration side: how your bot, dApp, or wallet interacts with chain RPC, multicall patterns, gas estimation, nonce management, MEV exposure on the transactions you broadcast. Pairs with #7 — auditor reads the contract you're calling, integration specialist reads the code that's calling it. Both readings before you ship a trading bot to mainnet.
9. Wealthfolio — Private Local-First Portfolio Tracker — your positions across CEX accounts, hot wallets, and cold wallets, on your machine, no cloud. Multi-account, multi-currency, manual entry or import. The right answer when you don't want a tracker SaaS to see (and potentially leak) your full on-chain footprint. Crypto-friendly without being crypto-only — works for the mixed equity + crypto book most serious traders actually have.
10. Ledger — Double-Entry Accounting via the Command Line — the tax/audit backbone. Every fill (CEX trade, DEX swap, LP deposit, LP withdraw, claim, airdrop, gas fee, bridge) lands as a double-entry posting in a plain-text journal. At tax time you have one file your crypto accountant can read in any decade, no proprietary export needed. This is the deliverable Koinly/CoinTracker import from when they get a year wrong and you have to redo it.

How they fit together

     CEX APIs                    On-chain RPC
     (Binance, Bybit, OKX,       (Alchemy / Infura /
      Coinbase, Hyperliquid)      your own node)
            │                            │
            ▼                            ▼
     ┌─────────────┐              ┌───────────────────┐
     │    CCXT     │              │  Web3 client      │
     │ (read +     │              │  (viem / web3.py  │
     │  execute)   │              │   / ethers)       │
     └─────┬───────┘              └─────────┬─────────┘
           │                                │
           └───────────┬────────────────────┘
                       ▼
             ┌─────────────────────┐
             │  AI research desk   │
             │  TradingAgents      │ ← signals, memos
             │  awesome-trading-   │ ← catalog
             │   agents (index)    │
             └──────────┬──────────┘
                        │
                        ▼
          ┌──────────────────────────┐
          │   Automation / strategy  │
          │   Freqtrade  ◇  Jesse    │ ← run live (dry-run first)
          │   Backtrader             │ ← independent backtest
          └──────────┬───────────────┘
                     │
         pre-trade   │
         risk gate   ▼
     ┌─────────────────────────────────┐
     │  Smart Contract Auditor (W3S)   │ ← reads target contract
     │  Web3 Integration Specialist    │ ← reads your bot's tx code
     └──────────┬──────────────────────┘
                │
        only if both clear:
                │
                ▼
           SIGN + BROADCAST
                │
          every fill / swap
                │
     ┌──────────┴───────────┐
     ▼                      ▼
Wealthfolio              Ledger
(positions, P&L,         (plain-text journal,
 cold + CEX view)         cost basis, tax export)

The critical join is the pre-trade risk gate: before the trading framework actually broadcasts a transaction that interacts with a new contract, both Claude Code agents read the target contract and the calling code. For pure CEX strategies (CCXT → Binance) the on-chain leg is moot, but the moment you touch a new DEX pool, lending market, or perp DEX, the gate runs. No agent ever holds the signing key. Read-only AI on auditable data and code is the safe shape for crypto self-custody.

Tradeoffs you'll hit

• CEX vs DEX — CEX (Binance, Bybit via CCXT) gives you tight spreads, real liquidity, and a single point of failure that has rugged its customers more than once. DEX (Uniswap, Hyperliquid, GMX) gives you self-custody and 24/7 markets at the cost of MEV exposure, RPC reliability, and contract risk. Most serious books are mixed: CEX for size and speed, DEX for tokens that don't list on CEX yet. The pack supports both — CCXT for CEX, the Web3 + audit agents for DEX.
• Automation vs manual — Freqtrade/Jesse running 24/7 catches setups while you sleep and removes emotion. It also amplifies a buggy strategy at 3am with nobody watching. Manual trading is bounded by your attention but bounded by your attention. The pragmatic split: automate the boring (DCA, grid, rebalance), keep human-in-the-loop for the discretionary (narrative trades, event-driven, new launches).
• High-frequency vs swing — HFT in retail crypto is a money-burning hobby; you're competing with co-located market makers on Binance and getting your fills picked off. Swing (hold hours to weeks) and position (hold weeks to months) is where retail edge actually exists, and where this pack is calibrated. If you find yourself optimizing for sub-second latency, you're in the wrong market.
• Safe vs degen — the same CCXT + Freqtrade + Backtrader stack can run a boring BTC/USDT mean-reversion strategy or a leveraged altcoin perp scalper. The tools don't moralize; you do. The audit agents and risk gate are how you stop your degen self from approving an infinite-mint contract because the chart looked good. Position sizing is your real risk control. The pack just stops you from sizing into something obviously broken.

Common pitfalls

• Rugpulls and copy-paste scam contracts — most retail losses on DEXes come from approving spend allowance to a malicious contract that drains the wallet the moment a balance arrives. The Smart Contract Auditor agent catches the obvious patterns (hidden mint functions, owner-can-pause-transfers, fake LP locks). Never approve max allowance on a fresh contract; use exact-amount approvals and revoke after the trade via revoke.cash. No agent catches everything — if the project is anonymous, audit-less, and shilled by 12-hour-old accounts, walk.
• MEV and slippage — broadcasting a large swap to mempool is broadcasting your trade to every searcher; expect sandwich attacks on anything material on Ethereum mainnet. Mitigations: private RPC (Flashbots Protect, MEV-Blocker), tight slippage tolerance (0.5%-1% for liquid pairs), batch via 1inch/CoW Swap that already routes around MEV, and on aggressive L2s use the chain's native MEV-shielded routes when available.
• Private key leakage — the single most expensive bug class in this whole stack. Rules: hardware wallet for any address holding more than you'd lose without flinching, separate hot wallet with capped balance for the trading bot, .env files in .gitignore and .cursorignore and .aider-ignore, never paste a seed phrase into any LLM chat including this one, and chmod 600 on every key file. Test the bot on testnet (Sepolia, Base Sepolia) before you fund it on mainnet.
• API key permission too broad — the most common mistake is creating one CEX API key with withdraw permission for both the trading bot and the portfolio tracker. Wrong. Trading bot key: trade-only, no withdraw, IP-restricted to the box it runs on. Portfolio tracker key: read-only, no trade, no withdraw. Wealthfolio and most read-only trackers need only a read key. If a tool asks for withdraw permission, that's the answer: don't give it.
• Tax jurisdiction differences — Ledger is a generic accounting tool; it doesn't know your country's crypto rules. In the US, every trade is a taxable event (FIFO or specific-ID), staking rewards are income at receipt, and DeFi LP entry/exit triggers complex disposition events. In Germany, >1 year held is tax-free. In Portugal until 2023, crypto was tax-free for individuals; now it's not. The pack gives you the data; your accountant applies the rules. Do not ship a crypto tax return out of an LLM. Find a crypto-specialist CPA.

Disclaimer

This pack is editorial guidance about an AI-assisted crypto + DeFi trading workflow. It is not investment, tax, or legal advice. Tools mentioned have their own terms of service, regional restrictions, and risk profiles — review them before use. Crypto trading carries substantial risk including total loss of capital. Smart-contract interactions are irreversible. Backtest results are not predictive of future performance. Past performance is not a guarantee of future returns. Talk to a licensed advisor and a crypto-aware accountant before any material decision.