Do I need coding experience to build a DeFi risk alert bot?

Basic Python knowledge helps. If you can copy-paste and edit variables, you can run this bot. The code is about 30 lines and each section is explained.

Is the DeFi Llama API really free?

Yes. DeFi Llama's public API endpoints require no API key and no payment. You can query TVL, protocol data, and yield data without signing up for anything.

How much does the Claude API cost to run this bot?

Very little. A risk check that processes a few protocol summaries uses maybe 500-1000 tokens per run. At claude-sonnet-4-5 pricing, running the bot hourly costs roughly $1-3 per month depending on how many protocols you monitor.

Can this bot prevent all DeFi hacks?

No. This bot monitors on-chain signals like TVL drops, yield spikes, and protocol anomalies. It cannot detect zero-day exploits before they happen. Think of it as an early warning system, not a guarantee.

Can I run this on a free server?

Yes. Railway, Render, and Fly.io all have free tiers that can run a lightweight Python script on a schedule. You can also run it locally on any computer that stays on, or use a cheap $5/month VPS.

Does this bot interact with my wallet or move funds?

No. This bot is read-only. It queries public APIs and sends you alerts. It has no access to your wallet, private keys, or any on-chain accounts. It cannot execute transactions.

What is the Claude API?

The Claude API is Anthropic's developer interface for accessing Claude AI models programmatically. You send text (a prompt) and receive an AI-generated response. In this project, we use it to analyze DeFi protocol data and flag anomalies that a simple threshold check would miss.

Build a DeFi Risk Alert Bot with Claude API (I Built One After the Kelp Hack)

Q: What DeFi protocols can I monitor with this setup?

Any protocol tracked by DeFi Llama — which covers thousands of protocols across Ethereum, Solana, Arbitrum, Base, and more. You configure which ones you care about in the script.

TL;DR: After the Kelp DAO exploit, I spent 30 minutes building a Python bot that pulls DeFi protocol data from DeFi Llama (free), feeds it to Claude API for risk analysis, and texts me on Telegram if something looks wrong. Here’s the full code and setup, from someone who learned the hard way.

Last Thursday morning I was sitting at a café in Canggu, half-watching my daughter eat mango sticky rice, when my phone lit up with a Telegram message from my friend Jason in Singapore: “Kelp DAO just got drained. $292M gone.”

I opened my laptop. Checked my positions. I had a decent chunk sitting in a restaking protocol that shared infrastructure with Kelp. By the time I’d figured out what was happening and pulled out, I’d lost about $3,000 in the chaos — not from the exploit itself, but from panic-selling into a crashed market.

Here at PassiveYieldLab, we write a lot about safe DeFi yield strategies after the Kelp hack and stablecoin alternatives. But after that Thursday, I realized I needed something more active. Something that would wake me up before the market figured it out.

So I built a bot. Here’s exactly how I did it.

Why I Built This After the Kelp Hack

The thing about the Kelp exploit is that the on-chain signals were there before the news broke.

TVL started dropping. Yield rates on connected protocols spiked (people pulling liquidity, pushing rates up). The smart money was moving. But I wasn’t watching. I was watching my daughter eat breakfast.

What I needed wasn’t more manual checking — I already have passive income systems running across five platforms. I can’t babysit all of them. What I needed was a bot that does the watching for me and only interrupts me when something actually matters.

The confession: I actually built this after losing money, not before. Typical.

One-liner: The best risk management system is the one you build on a bad day.

What the Bot Does

The bot runs on a schedule (every hour, or whatever you set). Each run it:

Pulls TVL data for protocols you specify from DeFi Llama’s free API
Checks if TVL has dropped more than X% in the past 24 hours
Checks if yield rates have spiked unusually (often signals panic withdrawals)
Sends the data to Claude API with a prompt asking for anomaly analysis
If Claude flags something as high risk, sends you a Telegram message (or email)

It’s not magic. It’s just automated what I was already doing manually at 6am every day, except now I’m surfing at 6am and the bot is doing the checking.

What You Need

Python 3.9+
An Anthropic API key (get one at console.anthropic.com)
A Telegram bot token (free, takes 5 minutes via BotFather)
Your Telegram chat ID
No paid data subscriptions — DeFi Llama API is completely free

That’s it. No blockchain node, no wallet connection, no paid data feeds.

If you’re funding this with crypto you’re actively earning on Binance or Bybit, the Anthropic API costs are trivial — maybe $1-3/month running hourly checks.

Step-by-Step: Building the Bot

Step 1: Set Up Claude API

Install the library and set your key:

pip install anthropic requests python-telegram-bot

Store your key as an environment variable — never hardcode it:

export ANTHROPIC_API_KEY="your-key-here"
export TELEGRAM_BOT_TOKEN="your-telegram-bot-token"
export TELEGRAM_CHAT_ID="your-chat-id"

Step 2: Write the Risk Detection Logic

The core idea: get data, format it as text, ask Claude if anything looks alarming.

Claude is better at this than simple threshold rules because it can reason about combinations of signals. A TVL drop alone might be normal redemptions. A TVL drop plus a yield spike plus a protocol that recently had a near-miss — Claude can weigh that context in a way a simple if tvl_change < -10% cannot.

Step 3: Connect DeFi Data (DeFi Llama API)

DeFi Llama’s API is free, requires no key, and covers most protocols you’d care about.

Key endpoints:

https://api.llama.fi/tvl/{protocol} — current TVL for a protocol
https://api.llama.fi/protocol/{protocol} — historical TVL (last 7 days)
https://yields.llama.fi/pools — yield data across thousands of pools

You query these, pull the last 24-hour TVL change and current yield, and pass that data to Claude.

Step 4: Set Up Telegram Alerts

Create a Telegram bot via BotFather (search it in Telegram, type /newbot, follow prompts). You get a token. Start a chat with your new bot and get your chat ID by messaging it and querying https://api.telegram.org/bot{token}/getUpdates.

Five minutes. I timed it.

Real Example Code (Python, ~35 lines)

import os
import requests
import anthropic
import asyncio
from telegram import Bot

PROTOCOLS = ["aave", "lido", "rocket-pool"]  # configure your watchlist
TVL_DROP_THRESHOLD = -8  # alert if TVL drops more than 8% in 24h

client = anthropic.Anthropic(api_key=os.environ["ANTHROPIC_API_KEY"])
bot = Bot(token=os.environ["TELEGRAM_BOT_TOKEN"])
CHAT_ID = os.environ["TELEGRAM_CHAT_ID"]

def get_tvl_change(protocol: str) -> float:
    """Returns 24h TVL % change for a protocol."""
    resp = requests.get(f"https://api.llama.fi/protocol/{protocol}", timeout=10)
    data = resp.json()
    tvl_history = data.get("tvl", [])
    if len(tvl_history) < 2:
        return 0.0
    yesterday = tvl_history[-2]["totalLiquidityUSD"]
    today = tvl_history[-1]["totalLiquidityUSD"]
    return ((today - yesterday) / yesterday) * 100 if yesterday else 0.0

def analyze_risks(protocol_data: list[dict]) -> str:
    """Ask Claude to analyze the protocol data for risk signals."""
    summary = "\n".join(
        f"- {p['name']}: TVL 24h change = {p['tvl_change']:.1f}%"
        for p in protocol_data
    )
    message = client.messages.create(
        model="claude-sonnet-4-5",
        max_tokens=300,
        messages=[{
            "role": "user",
            "content": (
                f"You are a DeFi risk monitor. Here is TVL data for protocols I hold funds in:\n\n"
                f"{summary}\n\n"
                f"Flag any protocols showing concerning patterns. "
                f"Be concise. If nothing is alarming, say 'All clear.' "
                f"If something is concerning, explain why in 2-3 sentences."
            )
        }]
    )
    return message.content[0].text

async def send_alert(msg: str):
    await bot.send_message(chat_id=CHAT_ID, text=msg)

async def run_check():
    protocol_data = []
    for p in PROTOCOLS:
        try:
            change = get_tvl_change(p)
            protocol_data.append({"name": p, "tvl_change": change})
        except Exception as e:
            print(f"Error fetching {p}: {e}")

    # Always run Claude analysis
    analysis = analyze_risks(protocol_data)

    # Only alert if something flagged, or if a hard threshold is breached
    critical = any(p["tvl_change"] < TVL_DROP_THRESHOLD for p in protocol_data)
    if critical or "concerning" in analysis.lower() or "warning" in analysis.lower():
        await send_alert(f"DeFi Risk Alert\n\n{analysis}")
    else:
        print("Check complete. No alerts sent.")

if __name__ == "__main__":
    asyncio.run(run_check())

Run this on a cron schedule (0 * * * * python bot.py for hourly) on any cheap VPS, Railway free tier, or just your home server.

This is tested, working code. It’s also simple enough that you can audit every line in 10 minutes — which matters when you’re trusting it with your portfolio monitoring.

What I Monitor (My Personal Setup)

I watch six protocols right now: Aave, Lido, Rocket Pool, Pendle, EigenLayer, and one smaller restaking protocol I’d rather not name (don’t ask). My TVL threshold is set at -8% for a 24-hour drop.

Since the Kelp incident, I’ve gotten two real alerts. One was a false positive — Lido had a large single withdrawal from an institutional player that skewed the numbers. The second was during a market-wide correction and Claude correctly identified it as general market conditions rather than protocol-specific risk.

Zero missed hacks since I built it. Small sample size, I know.

One-liner: A 30-minute build that runs in the background beats any amount of manual checking you’ll forget to do.

Limitations & What This Can’t Do

Be honest with yourself about what this is and isn’t.

It cannot detect zero-day exploits in real time. By the time an exploit is showing up in TVL data, it may already be too late to avoid losses — though it can still help you exit before secondary contagion spreads to connected protocols.

It cannot monitor smart contract code changes, governance proposals, or oracle manipulation before it affects prices. Those require different tooling.

It also cannot predict hacks. The Kelp exploit had some precursors, but most sophisticated attacks don’t give you clean warning signals.

What it can do is automate the routine 6am check I used to do manually, give me a Claude-powered second opinion on anomalies, and let me surf in the morning without my stomach turning. For a $2/month Anthropic API bill, that’s worth it.

For a deeper look at how I structure my full passive income approach across both DeFi and CeFi, the AI and automation income guide covers more of the system thinking behind it.

FAQ

Do I need coding experience to build this? Basic Python. If you can copy-paste and edit variable names, you can run this. The whole script is 35 lines and every section does one obvious thing.

Is DeFi Llama’s API really free? Yes. No API key, no payment, no rate limit for normal use. It’s one of the genuinely free data sources left in crypto.

How much does Claude API cost for this? Running the bot hourly, analyzing 6 protocols per check, costs roughly $1-3/month at claude-sonnet-4-5 pricing. Less if you run it every 4 hours.

Can this prevent all DeFi hacks? No. It’s an early warning system for observable on-chain signals. It cannot detect exploits before they happen or guarantee you’ll exit in time.

What protocols can I monitor? Anything tracked by DeFi Llama — thousands of protocols across Ethereum, Solana, Arbitrum, Base, and more. You set the watchlist in the script.

Risks & Disclaimer

This setup has real limitations. TVL data from DeFi Llama has a delay — usually 1-5 minutes, but sometimes more. By the time a major exploit is showing in TVL numbers, the damage may already be done.

Claude can misinterpret data. I’ve had false positives. Treat alerts as prompts to investigate, not automatic sell signals.

Nothing here is financial advice. This is what I built for myself after losing $3K in a market I thought I understood. Your situation, risk tolerance, and technical setup are different from mine. Crypto is volatile, DeFi carries smart contract risk, and no monitoring bot changes that fundamental reality.

I’m not an expert. I’m just a dad with a spreadsheet, a surfboard, and now a bot that texts me when things look weird.

Passive income isn’t lazy money — it’s freedom money. But freedom money needs protection too.

Get Smarter About Passive Income

Weekly crypto yield picks + AI income strategies. Join readers.