Hummingbot review: open-source market making and arbitrage in practice
Affiliate Disclosure:
GNCrypto editors review services independently. If you click on affiliate links, we may earn commissions, which help support our testing. The goal of our reviews is to provide our readers with the most objective and unbiased overviews of available platforms for spot crypto trading.
Hummingbot
Hummingbot is a free, open-source crypto bot for market making and arbitrage on CEX and DEX. It offers flexible strategy configuration and a terminal-based workflow, but it requires technical skills, self-hosted setup, and ongoing risk monitoring.
GNcrypto's Verdict
Hummingbot is a free, open-source framework for algorithmic trading. It focuses on market making, arbitrage, and custom strategies that run from the command line and require your own server. The platform supports 40+ CEX and DEX, including major exchanges like Binance, Coinbase, and Kraken, as well as decentralized protocols.
- Open-source code and free to use: you don’t need to pay a subscription for Hummingbot itself.
- A broad list of connectors: it supports major CEX and DEX (Binance, OKX, KuCoin, Bybit, Coinbase, Uniswap, PancakeSwap, and others).
- Flexible architecture: it offers ready-made presets for spot and arbitrage market making, plus the option to write custom strategies in Python.
- High barrier to entry: setup and operation require basic Linux/terminal skills, server management, and exchange API keys.
- No full built-in graphical interface on the level of centralized platforms.
- Connector stability depends on the community: after exchange updates, some modules may be unstable until contributors patch them.
On this page
Fees & Funding
4.5/5
Leverage & Margin
4.5/5
Fees & Funding
4.2/5
Leverage & Margin
4.2/5
Fees & Funding
4.2/5
Leverage & Margin
4.3/5
Fees & Funding
4.4/5
Leverage & Margin
4.2/5
Fees & Funding
4.5/5
Leverage & Margin
4/5
In this Hummingbot review, we look at how the open-source protocol helps traders automate market making and arbitrage on CEXs and DEXs. We installed the client, connected real exchange accounts, and ran live strategies to see how the bot behaves with slippage, fees, and latency.
For this review, we installed Hummingbot, connected it to several CEX and DEX via API keys, loaded prebuilt market-making and arbitrage strategies, and ran them on live markets. We tracked execution quality, slippage, client stability, server load, and how the bot handled reconnects, restarts, and updates.
In parallel, we checked how easy it was to build a working setup from scratch, from installing dependencies and Docker builds to deploying on a VPS.
What is Hummingbot
Hummingbot is a professional-grade, open-source framework for algorithmic trading developed under the Linux Foundation (Apache 2.0 license). More of a “builder” than a plug-and-play solution, it allows quant enthusiasts to customize every aspect of their setup – from exchange connectors to granular strategy parameters like spread width and inventory limits. While beginners may find the learning curve steep, for experienced traders, the Hummingbot crypto trading bot offers a level of modular flexibility that most closed-source platforms simply cannot match.
Despite its reputation and 16,900+ GitHub stars, the project is not a “set-and-forget” tool. Its power comes with significant user responsibility. Since a 2022 audit of Hummingbot Miner resolved a critical vulnerability, the core codebase has seen continuous community vetting, yet it currently lacks a recent, comprehensive external audit. This means the framework provides the high-performance tools, but the user must provide the safety net – managing server security, API key encryption, and real-time risk monitoring is entirely the trader’s mandate.
Trading toolkit and bot mechanics
Hummingbot crypto bot is a full-featured, open-source Python framework for building your own strategies.
Its architecture has several layers: Hummingbot Client as the trading engine, an API server for bot management, Gateway for connecting to DEXs, plus Condor–a Telegram interface for remote control. The framework supports connectors to major CEXs and DEXs, including Binance, OKX, KuCoin, Gate, Hyperliquid, and XRPL. In our tests, we used every available option.
The core modes are market making and arbitrage, supported by a set of ready-made strategies (grid/strike, funding-rate arbitrage, “liquidation sniper,” etc.), plus the Quants Lab environment for research and backtesting.
All of this is powered by an active open-source community: the project has about 16,900 GitHub stars, more than 4,100 forks, 51 active contributors over the last quarter, and an average of 350+ pull requests per month, with commits coming in almost daily.
Strengths and limitations overview
Across our many Hummingbot reviews we’ve noticed a consistent pattern: traders who value the tool most are those already running multi-exchange strategies and willing to trade GUI simplicity for programmatic control. The framework’s strength is flexibility – open-source code, Python-based strategy customization, 40+ exchange connectors, and no subscription fees. You can fine-tune spreads, order sizes, inventory limits, and execution logic in ways closed platforms rarely allow.
The trade-off is infrastructure responsibility. In our testing, we spun up a VPS, worked in the command line, configured API keys across three CEXs and two DEXs, and monitored connector stability after exchange API updates. When Binance’s connector lost sync during a volatility spike, it reconnected automatically after 10-15 seconds – but we had to watch logs to confirm. There’s no customer support hotline; the Discord community helped, but response time varies.
Hummingbot makes sense if you’re already managing server infrastructure, understand market-making mechanics (spread width, fill rates, inventory skew), and can invest 5-10 hours upfront learning the CLI workflow. For traders seeking a web dashboard with one-click setup and mobile alerts, the learning curve outweighs the savings on bot fees.
Hummingbot test results: 14-day technical audit
Capital: $500 (split across 3 strategies) | Environment: Ubuntu VPS (4 vCPU, 8GB RAM)
1. Setup & deployment
- Docker on Ubuntu: 12 min.
- Hummingbot client config: 8 min.
- Binance API integration: 15 min (Key generation, IP whitelisting, permission scoping, and connection handshake).
- Total time to first order: ~35 minutes from VPS login to live order book participation.
2. Strategy test: pure market making (BTC/USDT)
- Parameters: $200 allocation, 0.3% bid/ask spread, Binance Spot.
- Duration: 7 days.
- Data: 847 orders placed (681 filled, 80.4% fill rate).
- Performance: +$12.40 Gross → +$5.58 Net after fees (0.1% maker).
- Critical observation: During the Feb 18 volatility spike (6% BTC move in 2h), the strategy suffered an inventory skew (70% BTC / 30% USDT). The standard inventory_skew parameters couldn’t keep up; required manual rebalancing to avoid deeper drawdown.
3. Strategy test: cross-exchange arbitrage (ETH/USDT)
- Pairing: Binance vs. KuCoin, $200 allocation, 0.5% min_profitability.
- Duration: 5 days.
- Data: 23 opportunities detected, 17 executed (6 rejected due to slippage exceeding the threshold).
- Performance: +$5.50 net.
- Technical Insight: Average arbitrage windows lasted 3–8 seconds. With exchange latency at 200–400ms, execution speed is the thin line between profit and a “legged” trade (one side filled, the other missed).
4. Strategy test: AMM arbitrage (Uniswap V3 vs. Binance)
- Pairing: USDC/ETH, $100 allocation, via Hummingbot Gateway.
- Duration: 48 hours.
- Performance: -$16.50 (loss).
- Post-Mortem: Ethereum Mainnet gas fees are the ultimate “alpha killer” for small-cap arb. Every executed trade was net-negative due to L1 costs.
- Pivot: Switched to Polygon for a 24h retry – gas dropped to ~$0.40 avg, and the strategy finally turned slightly profitable.
Friction points & UX reality
- The Gateway Hurdle: Setting up Gateway for DEX connectivity is a separate beast. Requires a dedicated Docker container and ~25 mins of certificate/config management.
- Volatility Sync: The Binance connector occasionally desynced during peak traffic. It reconnects automatically within 15 seconds, but those are the seconds when you’re most exposed.
- Analysis Gap: No built-in P&L dashboard. We had to export CSV logs and run the numbers in Excel to get a clear picture of performance.
- Learning Curve: The CLI is steep. Expect to spend the first 2 hours feeling like you’re hacking the Matrix before the workflow becomes intuitive.
Pros, cons & limitations
How Hummingbot compares to other crypto trading bots in daily use:
Strengths:
- Open-source code under the Linux Foundation, a free license, and an active developer community.
- Flexible strategy configuration in Python: market making, arbitrage, liquidity mirroring, fine control over spreads, order size, and quoting frequency.
- Support for 40+ CEX and DEX (Binance, KuCoin, Coinbase, Uniswap, and others).
Weaknesses:
- CLI-only interface with no familiar web dashboard or mobile app.
- It requires technical skills: working with a server, API keys, configs, and basic Python programming.
- No built-in cloud hosting: you must deploy and monitor the bot on your own VPS or hardware.
- Backtesting and ready-made presets are simpler than those of commercial competitors, so configuration mistakes can easily lead to real losses.
We experienced Hummingbot as a builder’s kit for quant traders and developers: it offers maximum flexibility, but it demands time to study the documentation, set up infrastructure, and monitor risk continuously. For those willing to invest the effort, the bot unlocks a professional level of automation. For beginners, its complexity can be a constraint.
Trustworthiness check
Hummingbot is a fully open-source project: the core and connector code is hosted on GitHub under the Apache 2.0 license, and development is coordinated by the Hummingbot Foundation together with community contributors. The project is listed among Linux Foundation open-source initiatives.
From a security architecture standpoint, Hummingbot crypto trading bot is a local client. It runs on your machine or server, encrypts API keys and other sensitive data with a master password, and uses them only to sign exchange requests; the keys are not sent to third-party developer servers.
It is important to understand the limitations. We found no public report of a comprehensive external audit of the entire Hummingbot codebase; in 2022, only the Hummingbot Miner web application underwent an audit, which identified one critical vulnerability and several less severe issues that were later resolved. As a result, production security depends on your own procedures: OS updates, SSH access restrictions, configuration backups, and log monitoring.
An active community on Discord, GitHub issues, and the forum quickly flags bugs and suspicious behavior, and changes to strategies or connectors go through open pull requests and discussions. We posted a hypothetical error in the Discord chat and received help resolving it.
Final verdict
Hummingbot makes sense if you already trade on multiple exchanges, understand market making fundamentals, and are willing to invest time in server setup, API configuration, and ongoing monitoring. Based on our Hummingbot review and hands-on testing, the framework delivers on its promise – flexible strategies, broad exchange support, and no subscription fees – but only if you can handle the technical overhead.
Use Hummingbot if:
- You’re running market-making or arbitrage strategies across 2+ exchanges and want to eliminate third-party bot fees
- You have basic Linux/terminal skills and can deploy a VPS or self-host on your own hardware
- You’re comfortable managing API keys, monitoring logs, and troubleshooting connector issues after exchange updates
- You want to write custom strategies in Python or modify existing ones for your specific use case
Avoid Hummingbot if:
- You’re new to algorithmic trading and prefer a web dashboard with guided setup
- You need instant customer support when something breaks (community Discord helps, but responses vary)
- You’re trading small capital (<$500) where setup time and infrastructure costs outweigh savings on bot fees
- You want a plug-and-play solution with backtesting, cloud hosting, and mobile alerts included
Our safe start approach: begin with Pure Market Making on a single liquid pair (BTC/USDT or ETH/USDT), allocate $200-$500, run on a $5/month VPS, and spend the first week watching order fills and inventory balance. If you can’t explain what spread, fill rate, and inventory skew mean, pause and study the docs before scaling.
The 2022 audit found a critical vulnerability in Hummingbot Miner (resolved), but the main codebase lacks a comprehensive external security review. For production use: enable SSH key auth (not passwords), whitelist API IPs, use read-only keys where possible, and keep only working capital on connected exchanges.
GNcrypto’s overall Hummingbot rating
| Criterion | Score (out of 5) |
|---|---|
| Automation Quality & Execution | 3.5 |
| Strategy Performance & Backtesting | 3.0 |
| Risk Management & Controls | 3.5 |
| Costs & Fee Transparency | 4.5 |
| Exchange Coverage & Asset Support | 4.0 |
| User Experience & Setup | 2.5 |
| Customer Support & Documentation | 3.5 |
| TOTAL | 3.475 |
How we test crypto trading bots
At GNcrypto, every trading-bot review follows our crypto trading bots methodology. For this review, the team funded a live account, allocated a fixed amount of capital, and ran several strategies in parallel: spot and futures grid, DCA, arbitrage, and signal-driven bots. We monitored execution quality, slippage in volatile markets, uptime, reactions to sharp price moves, and how easy it is to set up and manage a bot without writing code.
We do not attempt to predict long-term profitability or promise returns. Our scores focus on automation reliability, fee transparency, risk controls, and how honestly a platform reports performance. GNcrypto works independently: we do not take payment to boost ratings or soften conclusions. This review is for informational purposes only and should not be considered investment advice.
Categories & weights
We rate crypto trading bots across seven criteria. Automation quality, the robustness of strategies, and risk controls receive the highest weights, because a bot that fails, misfires, or ignores risk is dangerous no matter how good its past results look.
- Automation Quality & Execution – 30%
- Strategy Performance & Backtesting – 25%
- Risk Management & Controls – 15%
- Costs & Fee Transparency – 10%
- Exchange Coverage & Asset Support – 10%
- User Experience & Setup – 5%
- Customer Support & Documentation – 5%
Latest News
Recommended Articles/Reviews
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.