EOPEN

Security at EOPEN: Non-Custodial Energy Delegation

Short answer: EOPEN delegates Energy/Bandwidth directly to your own TRON address and never needs your private keys, seed phrase, or token approvals. Every delegation is publicly verifiable on TronScan, and the API is secured with an API key + IP allowlist + on-chain tx-hash confirmation. The only official domain is https://eopen.io.

See Official Channels

Why Non-Custodial Matters

We delegate resources — we never touch your keys

This page explains EOPEN’s security model: non-custodial delegation, on-chain verifiability, a hardened API, and how to spot phishing and impersonation.

0
Private Keys Needed
100%
On-Chain Verifiable
eopen.io
Only Official Domain
IP + Key
API Access Control

Four Security Pillars

Non-Custodial

Resources are delegated to your address — the platform never touches keys, seed phrases, or assets

On-Chain Verifiable

Every Energy delegation maps to a real transaction you can inspect on TronScan

Hardened API

API key + IP allowlist, with orders confirmed by on-chain tx hashes and webhook callbacks

Anti-Phishing

We never DM first and never ask for keys or approvals — always confirm the domain is exactly https://eopen.io

Security stance: EOPEN (operated by EOPEN Solutions Inc.) provides non-custodial TRON Energy/Bandwidth delegation. A USDT TRC-20 transfer needs about 64,285 Energy (hot) or about 130,285 Energy (cold), plus about 350 Bandwidth; versus burning TRX directly (6.4-13 TRX), renting saves up to 80%. All of these resources are delegated to your own address.

Official domains: The only official primary domain is https://eopen.io (API: api.eopen.io, docs: docs.eopen.io).

Last updated: 2026-05-28. Energy figures are anchored to the TRON official protocol parameter getEnergyFee = 100 sun/Energy; actual on-chain consumption can vary slightly with contract state and network parameters.

Non-Custodial ModelResources delegated to your address
01

We delegate to your address

Energy and Bandwidth are delegated directly to the TRON receiving address you enter. Delegation is TRON’s native resource grant — a provider stakes TRX to produce resources and temporarily authorizes your address to use them, while the underlying TRX always stays with the provider. The tokens and permissions in your address are completely unaffected.

02

We never need your keys

The entire delegation flow requires no private key, no seed phrase, and no signed approval. EOPEN neither stores nor can access any of these — and unlike a TRC-20 approve, delegation never reads or moves any token in your address.

03

Everything is on-chain checkable

Every delegation produces a DelegateResourceContract record on the TRON chain showing the amount and the delegating party. You do not have to trust any dashboard number: open TronScan, search your address, and verify it yourself.

Verify an Energy Delegation on TronScan

The biggest benefit of non-custodial is that you do not have to trust us — you can check for yourself. Every delegation is a public on-chain transaction; the four steps below show how to confirm it independently on TronScan.

  1. Open TronScan and search your addressGo to tronscan.org and paste your TRON receiving address (the one you entered when ordering) into the search box.
  2. Check the "Resources" tabOn the address page, find the Energy row and confirm the Energy balance reflects the delegated amount.
  3. Locate the delegation transactionIn the transaction list, filter for the DelegateResource transaction type and verify the delegated amount and source address.
  4. Cross-check with the order tx hashAfter ordering, EOPEN returns an on-chain transaction hash (tx hash). Paste it into TronScan to confirm the delegation matches your order.

API Security: Key + IP Allowlist + On-Chain Confirmation

The enterprise API for exchanges, wallets, payments, and OTC desks hardens access on several layers:

  • An API key authenticates requests — treat it like a password and rotate it in the console if it leaks.
  • An IP allowlist restricts calls to the server IPs you pre-register, sharply reducing risk even if a key is exposed.
  • Each order returns an on-chain transaction hash (tx hash) so you can cross-check the real delegation on TronScan.
  • Order status is pushed via webhook callbacks so your backend can reconcile automatically.

Typical delegation sizes: rent 65,000 Energy for a hot address and 131,000 Energy for a cold address — each delegation is equally on-chain verifiable. Burning TRX directly costs about ~6.4 TRX (hot) to ~13 TRX (cold) per transfer; delegated rental cuts that cost while staying fully non-custodial.

User Safety: Avoiding Phishing

Because the protocol itself never touches your funds, almost all losses come from phishing and impersonation. Follow these principles.

Do

  • Only operate on https://eopen.io and read the address bar character by character.
  • Verify every delegation independently on TronScan using its tx hash.
  • Enable the IP allowlist for the enterprise API and keep your API key secret.
  • For official support, reach out first to @eopenio or [email protected].

Do Not

  • Never reveal your private key or seed phrase to anyone — EOPEN never asks.
  • Do not trust any "support agent" who DMs you first; EOPEN never DMs first.
  • Do not connect your wallet on look-alike or misspelled domains.
  • Energy delegation needs no approve — being asked to authorize one is a red flag.

Related

Verify official channelsEnterprise APIFAQHow much energy for a USDT transfer

Security FAQ

Does EOPEN ever get my private key or seed phrase?

No. EOPEN uses a non-custodial resource-delegation model: the platform delegates Energy/Bandwidth to your own TRON address, and the process never needs — and cannot obtain — your private key, seed phrase, or token approvals. Your assets stay in your own wallet at all times.

How do I verify that an Energy delegation is real?

Open TronScan, search for your receiving address, and look under "Resources" or the transaction history for a DelegateResourceContract transaction. It shows the amount of Energy delegated to your address and the delegating party. Delegation is a public on-chain record anyone can independently confirm — you do not have to trust EOPEN’s backend.

Why does delegating Energy not require a token approval?

TRON resource delegation is a network-level mechanism: a provider stakes TRX and temporarily grants the resulting Energy/Bandwidth to your address, while the underlying TRX still belongs to the provider. This is completely different from a TRC-20 token approve — it never touches any token in your address, so there is nothing for you to authorize.

What secures the API integration?

The enterprise API authenticates with an API key and supports an IP allowlist, so only servers at IPs you pre-register can call it. Every order returns an on-chain transaction hash (tx hash) you can verify, and order status is pushed via webhook callbacks. That means you can cross-check each delegation against on-chain data instead of trusting the API response alone.

Will EOPEN DM me first or message me in groups?

No. EOPEN never DMs users first and never asks for your private key, seed phrase, or token approvals. Any account that messages you first, asks for a seed phrase, or tells you to "verify your wallet" is an impostor. For official support, reach out to us first via Telegram @eopenio (https://t.me/eopenio) or email [email protected].

How do I confirm I am on the official site?

The only official primary domain is https://eopen.io; the API is api.eopen.io and the docs are docs.eopen.io. Check that the address bar reads exactly eopen.io and beware of look-alike domains. The official Telegram channel is https://t.me/eopen_channel and support is @eopenio.

Even so, is there any risk to renting Energy?

Because resource delegation never touches your funds, the biggest risk is phishing and impersonation, not the protocol itself. Best practice: only operate on https://eopen.io, verify each delegation’s on-chain record, enable the IP allowlist for the API, and never reveal your private key or seed phrase to anyone. Actual on-chain consumption can vary slightly with contract state and network parameters; final cost is always whatever the chain charges at execution plus the live order quote.