V VelosBot

Binance P2P Bots on GitHub, Compared

VelosBot Guide ·6 min read

If you run a P2P desk, you already know the grind: someone undercuts your USDT ad by a groszy, you slide down the list, and you're back in the Binance app nudging your price for the tenth time that hour. So you go looking for a binance p2p bot github project to do the nudging for you. Fair. That's exactly the kind of dumb repetitive work software should handle.

I've gone through what's actually up there. Most of it is smaller and rougher than the search results make it look. Here's an honest rundown of the open-source options, what they really do, and where they fall short before you hand any of them your API keys.

What actually exists on GitHub

When people say "Binance P2P bot," they usually mean one of two very different things: a tool that re-prices your ads automatically, or a tool that just watches prices and pings you. The GitHub projects split cleanly along that line, and it matters a lot which one you're grabbing.

The auto-repricing bots

The main one is pydevtop/p2p-trade-bot-binance (it calls itself P2PTradeBot). It's Python, MIT-licensed, and its whole job is to watch your competitors' ad prices and re-price your own ads to keep you near the top. Per the repo, it's on version 2.1.0 dated February 14, 2026, sitting at around 5 stars. That's the real number as of this writing — a single-digit hobby project, not a widely-used product.

The same author has pydevtop/binance_p2p_bot, which does the buy side: it auto-buys USDT and other coins on P2P when the price drops below a threshold you set, then auto-messages the seller after opening the order. Also MIT, also around 5 stars, last noted at version 1.0.3 from June 21, 2025.

Both need your Binance API Key and Secret. Both are driven through Telegram plus a config.ini, launched with a .bat on Windows or a .sh on Linux and macOS. Neither has a graphical interface. You live in a Telegram chat and a text config file.

The alert / parser tools (no trading)

Then there's a whole cluster of projects that don't trade at all. repeating/Binance-P2P-alerts-Telegram-bot (around 10 stars) fetches P2P prices and sends you alerts through Telegram — but it never places or edits an order. You still trade by hand. And usefully, it appears to scrape the public P2P data rather than needing your Binance keys at all.

Others in the same bucket: Twix298/Binance_parser and ratik/binance-parser-bot both parse P2P listings into a Telegram feed, and saudalta/Binance-P2P-price-arbitrage-notification-Bot pings you on arbitrage gaps. These are monitors. Handy if you just want a heads-up, useless if you want hands-off pricing.

If a repo doesn't ask for your API key, it almost certainly can't touch your ads. That's not a knock — it's just the ceiling on what a scraper can do.

The Telegram-and-config-file problem

Here's my honest take after using tools like these: the Telegram-only control model gets old fast. It's fine for a toggle or a status ping. It's a bad way to manage pricing rules across several ads, multiple fiat pairs, and different payment methods. You end up scrolling a chat log trying to remember which command sets your floor price, and editing an .ini file by hand every time you want to change a margin.

There's also no dashboard. No at-a-glance view of "here are my five ads, here's where each one sits in the ranking right now, here's my floor." You're trusting a script you can't see the state of. When it silently stops re-pricing at 2 a.m. because Binance changed a response shape, you find out from your order volume, not from the bot.

The part nobody likes to say out loud: API keys and unknown code

This is the real decision, and it's not really about features.

The repricing bots need a Binance API key with trade permissions to do their job. Binance's own security guidance is blunt about what that means. According to Binance's API security guide, anyone with your secret key can send API requests on your behalf — and Binance's risk system won't necessarily flag it as suspicious, because as far as it can tell, it's you. That same guide pushes hard on a few habits: one key per app, minimum permissions, IP whitelisting on every key, and rotating keys often. It also notes that a key without IP whitelisting can't initiate withdrawals, and that non-whitelisted keys sitting idle for 30 days get auto-deleted.

Binance's broader advice — echoed in the Binance.US key best-practices — is least privilege: grant only the access the tool genuinely needs, nothing more.

Now put that next to a 5-star repo. I'm not saying any of these projects are malicious — I haven't audited their code and neither, probably, have you. That's the point. You're running someone else's script with a key that can move your money. At minimum: read the source before you run it, restrict the key's permissions as far as the bot will still function, whitelist your IP, and never grant withdrawal access. If you can't be bothered to do that, you shouldn't run the bot.

A limit that affects every one of these bots

Worth understanding what Binance actually exposes. The only C2C (P2P) endpoint Binance officially documents is read-only. Per Binance's C2C REST API docs, it's GET /sapi/v1/c2c/orderMatch/listUserOrderHistory — completed trade history, nothing more. The docs point you to the c2c.binance.com web platform for actually managing ads. The signed endpoint lives under api.binance.com/sapi/v1/c2c/ and needs HMAC-SHA256 auth (your key and secret).

So how do the repricing bots edit ads if Binance doesn't document an ad-management endpoint? They lean on undocumented or private endpoints, or web automation. You'll see third-party sites claim dozens of C2C endpoints exist — but only the one history endpoint is officially documented. Anything built on the unofficial ones can break without warning when Binance changes something, and I wouldn't assume it's officially supported. Treat "it works today" as exactly that.

When a maintained desktop-plus-mobile tool makes more sense

Running a raw GitHub script is the right call if you like reading Python, you want full control, and you enjoy owning the maintenance. Genuinely — some people do, and open source is great for that.

But if you're running an actual merchant desk and the bot is infrastructure, not a hobby, the calculus flips. You want a real interface where you can see all your ads and rules at once. You want it to keep working when Binance shifts things, without you patching a scraper. You want to set a floor and a margin without editing a config file over SSH. And you'd rather not babysit a Telegram chat.

That's the gap VelosBot is built for — a free, maintained auto-pricing bot for Binance and Bybit P2P with an actual UI instead of a chat-command interface. I'll be straight about it: it's one option among several, and the same key-safety rules apply no matter what you run. Use least privilege, whitelist your IP, don't grant withdrawals. To be upfront: VelosBot isn't open-source, so unlike the repos above you can't read its code. There's a project page on GitHub with the full feature list and setup, but the pricing logic runs on our server, not in a public repo.

Whatever you pick, decide it on two questions: can I see what it's doing, and who fixes it when Binance changes. The GitHub scripts answer the first with a Telegram log and the second with "you do." Know that going in and you'll choose the right tool for how you actually trade.

None of this is legal or financial advice, and P2P rules vary by country and change over time — check current guidance for wherever you operate. If you want to try a UI-first approach, you can download VelosBot and point it at a read-limited key first to see how it behaves.

Auto-price your P2P ads — free

Download VelosBot for Windows and Android. No license, no payment.

Download VelosBot
← All guides