OKX Wallet: How to Maintain a Zero Security Incident Record?
Original Title: "How does OKX Wallet achieve 7X24 security monitoring?"
Introduction: Reviewing three years of dynamics, exploring the security landscape of OKX Wallet
The security and innovation of Web3 wallets is not a "To be or not to be" dilemma that Hamlet struggles with.
Good product innovation is built on good security; security is the cornerstone of all technological innovation. OKX Web3 Wallet is one of the best wallets in terms of innovation and security, pioneering multiple exclusive features while maintaining a zero-security-incident record, providing 7X24 security monitoring for user assets. "What we think about every day is how to make the wallet safer," said Neil, product manager of OKX Web3 Wallet.
Within OKX, product security is their "non-negotiable bottom line," which is deeply reflected in the development of all OKX product lines. They continuously achieve zero security incidents in DeFi operations through careful practices, while also enhancing CeFi operations to meet traditional financial audit standards, doing everything possible to ensure product security.
On July 27, overseas Twitter user Jack Davis praised OKX's continuous public reserve proof and the practice of allowing users to verify at any time, which made him feel much more secure. OKX CEO Star promptly retweeted this post and commented, "There are many scammers in the cryptocurrency space; they talk about visions like gentlemen in public but steal baby bottles in private. Empty talk is cheap; technology does not lie." This is the style of OKX: no pretty words, just using technology to achieve self-verification of security.
Web3 is fundamentally a trust game, and product security is the iron law of survival. Without this awareness, one is destined to be beaten. OKX has not been beaten; instead, it has become a model for industry builders.
How does OKX conduct its security layout? For many users, this remains an "unknown territory." Next, we will take the zero-security-incident record of OKX Web3 Wallet as the main line and its security features as fragments to restore the full picture of its "security foundation," gaining insight into its strategic layout.
Analyzing the security pain points of Web3 wallets: How OKX Web3 Wallet tackles them one by one
As more users celebrate the ownership revolution brought by Web3 wallets, they also fall into panic due to asset losses caused by lost or stolen private keys, airdrop scams, problematic contracts, phishing links, and more.
Currently, the security issues of Web3 wallets are diverse, complex, and interrelated. It is not possible to detail every security issue here; we will mainly focus on the current major ones. They can primarily be divided into two categories: the security of the wallet itself and on-chain usage security.
Wallet security issues can also be divided into two categories: from the user perspective, the main issues are the loss or theft of private keys; from the wallet perspective, it is more about the misappropriation of user private keys and insider theft.
On-chain usage security issues mainly fall into one category: user security problems caused by contract vulnerabilities, malicious scam signatures, authorizations, and other third-party factors.
How does OKX Web3 Wallet tackle these security issues one by one?
Regarding whether there is a "self-theft" issue, OKX Web3 Wallet adopts a very candid approach: open source. Currently, this includes a fully open-source multi-chain signature SDK, open-source core algorithms for MPC keyless wallets, open-source AA wallets, and open-source BRC20-S. The biggest advantage of open source is that programmers worldwide can verify the code, audit it for vulnerabilities, and check for backdoors, so that anyone can confirm for themselves that the wallet never takes user private keys, thus maximizing user trust. Moreover, on a deeper level, it directly demonstrates their responsibility and commitment as a leading Web3 technology company, contributing to industry development and invisibly enhancing brand reputation, which is more effective than any advertisement.
In terms of user private key loss, OKX Web3 Wallet has launched various mnemonic/private key backup methods, including iCloud/Google Drive cloud storage, manual, and hardware options, to ensure that user private keys do not get lost, making it the wallet with the most comprehensive private key backup methods on the market. Regarding the issue of stolen private keys, OKX Web3 Wallet supports the most comprehensive mainstream hardware wallet functionalities, such as Ledger, Keystone, and Onekey, to ensure that user private keys are not stolen. The private keys of hardware wallets are always stored only in the hardware wallet device, controlled by the user, thus ensuring asset security. This means that OKX Web3 Wallet allows users to securely manage their assets through hardware wallets while freely participating in on-chain token trading, NFT markets, and various dApp interactions.
While these two features are beneficial, they do not fundamentally solve the issues of lost or stolen private keys. What to do? Then create a wallet that does not require private keys. OKX began to leverage technological innovation and product "specialties," pouring efforts into the pioneering development of MPC keyless wallets and AA smart contract wallets that can recover private keys through social means.
On April 4, 2023, OKX Web3 Wallet officially launched the MPC keyless wallet, which is developed based on MPC technology and supports 37 public chains. It is the first 2/3 multi-chain keyless wallet on the market and pioneered an emergency exit feature, allowing users to export private keys and withdraw assets in emergency scenarios using two private key shards managed entirely by themselves, achieving a truly decentralized self-custody keyless wallet. With the OKX MPC keyless wallet, users no longer need to manage complex private keys or mnemonics, significantly lowering the usage threshold. Within just two weeks of launch, the number of created users exceeded 100,000.
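The 2/3 threshold property behind the emergency exit, shown as an added example that is not OKX's code: it uses plain Shamir secret sharing as a stand-in for the wallet's MPC scheme, and the function names are hypothetical. Any two of the three shares rebuild the key, while a single share is consistent with every possible key; MPC signing protocols generally avoid reassembling the key at all, so reconstruction here corresponds only to the export case.

```python
import secrets

# Field modulus: the secp256k1 group order, so any valid private key fits.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def split_2_of_3(secret: int) -> dict[int, int]:
    """Split `secret` into three shares, any two of which recover it."""
    if not 0 <= secret < P:
        raise ValueError("secret is outside the field")
    slope = secrets.randbelow(P)  # uniformly random degree-1 coefficient
    # Share i is f(i) for the line f(x) = secret + slope * x (mod P).
    return {x: (secret + slope * x) % P for x in (1, 2, 3)}


def recover(shares: dict[int, int]) -> int:
    """Interpolate f(0) from exactly two distinct shares."""
    if len(shares) != 2:
        raise ValueError("exactly two shares are required")
    (x1, y1), (x2, y2) = shares.items()
    # Lagrange at x = 0: f(0) = (y1 * x2 - y2 * x1) / (x2 - x1)  (mod P)
    inv = pow((x2 - x1) % P, -1, P)
    return ((y1 * x2 - y2 * x1) * inv) % P


def slope_explaining(x: int, y: int, candidate: int) -> int:
    """Return the slope under which the lone share (x, y) encodes `candidate`.

    Such a slope exists for every candidate, which is why one share on its
    own tells its holder nothing about the key.
    """
    return ((y - candidate) * pow(x, -1, P)) % P
```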
On August 2, OKX Web3 officially launched the AA smart contract wallet, which will soon support social recovery functionality, meaning that even if users lose their private keys, the assets in the wallet remain secure, and users can regain account access through social recovery. Additionally, the AA smart contract wallet addresses the issue of private key loss while elevating the wallet's convenience, functionality, and user experience to new industry standards, bringing us closer to the era of large-scale adoption of Web3 wallets. Currently, the OKX AA smart contract wallet has also open-sourced its smart contract code, covering seven popular public chains: Ethereum, Arbitrum, Polygon, Optimism, BNB Chain, and Avalanche, aiming to enhance the security and transparency of its Web3 wallet.
Thus, OKX Web3 Wallet has completed the transformation from "prevention to cure" regarding its inherent security issues. After dismantling the first category of security problems, let’s discuss the second category: on-chain usage security issues.
On-chain usage security issues for Web3 wallets are akin to telecom fraud issues, which do not fall under product security but are primarily caused by third parties. However, OKX Web3 Wallet has made this a priority, building a robust protection system, the most formidable of which is the KYT (Know Your Transaction) security system, providing 7X24 protection for Web3 wallet users.
Due to the numerous functions involved in this system, which is continuously being upgraded, we will only discuss a few of the more important features here.
One of the functions of this system is risk authorization reminders. The current system has a label library of over 3.2 billion on-chain addresses, which is continuously updated, allowing effective risk detection and automatic alerts when users interact with malicious addresses or suspicious transactions. According to Neil, product manager of OKX Web3 Wallet, in the future, address labels will be processed in layers: whitelist addresses will receive ordinary prompts, graylist addresses will receive ordinary risk prompts, and blacklist addresses will be directly intercepted.
For example, when users encounter Pi Xiu (honeypot token) schemes, phishing websites, etc., the KYT security system will automatically identify them and provide risk warnings, preventing users from engaging in risky transactions.
Another feature is the one-click authorization management function, which is relatively easy to understand. If users make erroneous operations involving risky contract authorizations during on-chain interactions, they can use OKX Web3 Wallet to manage risky contract authorizations with one click, regularly cleaning up risks and avoiding pitfalls in advance.
Lastly, there is a key feature that Neil mentioned is under development but has not yet officially launched—pre-execution. This means that users can pre-execute the data that is about to be put on-chain before signing a transaction, and the system will display potential risks, avoiding blind signing scams.
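A static pre-signing check in the spirit of the three features above, as an added example that is not OKX's code: it decodes approval calldata and applies the whitelist/graylist/blacklist handling to the spender. It does not simulate the transaction as pre-execution would; the label entries and addresses are constructed, and the function name, the `target_is_erc20` parameter and the graylist default for unlabelled addresses are assumptions.

```python
APPROVE = "095ea7b3"               # selector of approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # selector of setApprovalForAll(address,bool)
UNLIMITED = 2**256 - 1

# Constructed label library (made-up addresses), standing in for the real one.
LABELS = {"0x" + "11" * 20: "whitelist",
          "0x" + "22" * 20: "graylist",
          "0x" + "33" * 20: "blacklist"}
# Tier handling as described in the text above.
ACTION = {"whitelist": "prompt", "graylist": "risk_prompt", "blacklist": "block"}


def review_calldata(calldata: str, target_is_erc20: bool = True) -> dict:
    """Decode an approval call and decide how the wallet should present it."""
    data = calldata.lower().removeprefix("0x")
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "not_an_approval", "action": "unreviewed", "notes": []}
    try:
        if len(args) != 128:
            raise ValueError("expected two 32-byte arguments")
        word0, word1 = int(args[:64], 16), int(args[64:], 16)
        if word0 >> 160:
            raise ValueError("address argument has non-zero padding")
    except ValueError as exc:
        # Never let the user sign something the wallet could not decode.
        return {"kind": "malformed", "action": "block", "notes": [str(exc)]}

    spender = "0x" + args[24:64]
    # Assumption: an address missing from the library is treated as graylist.
    tier = LABELS.get(spender, "graylist")
    if selector == APPROVE and target_is_erc20:
        kind, revoke = "erc20_approve", word1 == 0
        notes = ["unlimited allowance"] if word1 == UNLIMITED else []
    elif selector == APPROVE:
        # ERC-721 shares the selector: word1 is a token id, the zero address revokes.
        kind, revoke, notes = "erc721_approve", word0 == 0, [f"token id {word1}"]
    else:
        kind, revoke = "set_approval_for_all", word1 == 0
        notes = [] if revoke else ["operator can move every token in the collection"]
    if revoke:
        # Revoking is the clean-up path: it must stay possible for blacklisted spenders.
        return {"kind": kind, "spender": spender, "tier": tier,
                "action": "prompt", "notes": ["revokes an existing authorization"]}
    return {"kind": kind, "spender": spender, "tier": tier,
            "action": ACTION[tier], "notes": notes}
```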
Notably, OKX Web3 Wallet has recently added support for Flashbots, protecting users from MEV (Miner Extractable Value) attacks. Users can click "More" in the ETH chain SWAP transactions of OKX Web3 Wallet and enable MEV protection, effectively preventing MEV attacks. OKX Web3 Wallet sends transactions to trusted third-party nodes (such as Flashbots private pools) instead of conventional transaction pools to ensure that the transaction order remains unchanged.
Whether it is wallet security itself or on-chain usage security issues, OKX Web3 Wallet has provided comprehensive protection for users, which is why they can maintain a zero-security-incident record in the industry for Web3 wallets.
Additionally, Neil revealed that OKX Web3 Wallet plans to continue strengthening its security protection system from the aspects of risk prevention, risk cleanup, and risk coverage, focusing on enhancing user education, upgrading wallet security types, and providing security coverage as three core functions, thereby upgrading to a new industry standard.
This is the full picture of the "security foundation" of OKX Web3 Wallet. They deeply understand that security is never 100%; it is about continuously adding layers of protection.
Security is the foundation of innovation for OKX Web3 Wallet; strategic height has never changed
Twitter user 0xUnicorn once posted that while dining with friends from OKX, they discussed how they invested in 400 people for over a year, a hard investment that no one else in the industry besides Binance can afford. The revolution of CEX is only a matter of time, and OKX has foreseen this; their Web3 wallet is already very advanced.
The investment in talent and funds is just the tip of the iceberg of the strategic height of OKX Web3 Wallet; the high-dimensional vision behind it is even more worth contemplating. The best way to foresee the future is to create it. A successful company must know who it is, where it comes from, and where it is going. As the second-largest cryptocurrency exchange globally, OKX is more sensitive to future trends and dares to explore. As the entry-level product that connects most heavily and frequently with users, OKX Web3 Wallet repeatedly achieves breakthrough innovations and is the core product of OKX's DeFi business, originating from the night before BTC reached a new high of $69,000 in 2021, and has been deeply rooted in the cryptocurrency industry for over two years during a prolonged bear market.
Today, OKX Web3 Wallet has grown into one of the most comprehensive, advanced, and user-friendly wallets in the industry, supporting over 70 public chains, with a unified app, plugin, and web interface covering five major areas: wallet, DEX, DeFi, NFT market, and DApp exploration. It also supports features such as the Ordinals market, creating MPC wallets, exchanging gas, iCloud/Google Drive mnemonic backups, custom networks, and connecting hardware wallets.
These features undoubtedly rely on the security foundation of the wallet; security is the foundation of all technological innovation. Losing security is like flowers in a mirror or the moon in water. From the analysis of the full picture of the "security foundation," it is not difficult to see that OKX Web3 Wallet places product security at a strategic height equal to product innovation. They deeply understand that only by building on product security can user assets and privacy be guaranteed. It is evident that they are focused on solving user security pain points, maintaining a build mindset, and continuously promoting co-construction in the industry.
Although the current number of Web3 users has grown to hundreds of millions, the number of active users is only in the tens of millions, still in the early stages compared to traditional internet. As the entry point for user interactions on-chain, Web3 wallets are the key scenario for achieving large-scale adoption of Web3. In this narrative, higher demands are placed on the usability, stability, and security of Web3 wallets. Wallets should seize this opportunity to win with unique product advantages.
If the essence of product innovation is to maintain a leading position and navigate the "sea of Darwin," then the essence of security is to gain trust. For products involving user asset security, "trust is only given once; once broken, it is irreparable."
One can imagine that if an industry-leading entry point like OKX Web3 Wallet continues to exert its strength, it will inevitably drive significant user growth in Web3 and generate immense value. Of course, this also poses great challenges to its technical capabilities, especially with the introduction of standards like ERC-4337. In addition to traditional EOA wallets, AA smart contract wallets, MPC wallets, and others will also experience rapid development. In the ever-changing cryptocurrency industry, only continuous rapid iteration can meet the growing demands of Web3 users.