Introduction
In the rapidly evolving world of Web3 and decentralized finance (DeFi), security remains the top priority for users and platforms alike. OKX Wallet has undergone rigorous security audits by leading firms like CertiK and SlowMist to ensure the highest standards of safety and reliability. This comprehensive report details the scope, findings, and resolutions from these independent audits.
CertiK Security Audits
Mobile App and Front-End Components
The front-end, mobile (iOS/Android), and SDK components of OKX Wallet have successfully passed CertiK's security audit. The audit covered:
- Mobile App Source Code: Including iOS and Android modules for wallet creation/import, password management, and cloud backup.
- Front-End Module: ReactJS UI components and JS controllers for wallet functionality.
- Wallet SDK Modules: Bitcoin SDK, okwallet-core, and SRC.
Findings:
CertiK identified 5 security issues—3 low-risk and 2 undetermined risk—all of which have been resolved.
Threshold-lib and Main Contracts
- Threshold-lib: Passed CertiK's audit, ensuring secure cryptographic operations.
- Main Contracts: Audited components include:
  - DexRouter: Facilitates cross-DEX asset trading.
  - OkxNFTMarketAggregator: Enables multi-market NFT trading.
  - Entrance: Executes instructions via registered adapters.
  - UniswapV2AdapterMain: Allows LP staking on MasterChef.
Result: Low-risk with all issues fixed.
Solana Marketplace
OKX's Solana NFT marketplace also received a low-risk rating post-audit.
SlowMist Security Audits
MPC Wallet for Android
OKX's MPC (Multi-Party Computation) Wallet achieved a low-risk rating after SlowMist's audit, which flagged:
- 9 suggestions.
- 1 low-risk vulnerability (fixed).
Ord and AA Account
- Ord Protocol: Passed, with 7 low-risk vulnerabilities and 3 suggestion-level findings addressed.
- Account Abstraction (AA): Low-risk rating post-audit.
Private Key Module
Critical highlights:
- Private keys/seed phrases remain exclusively on user devices.
- No external server uploads.
Conclusion
OKX Wallet's commitment to security is demonstrated through:
- Transparency: Full audit reports publicly available.
- Proactive Fixes: All identified issues resolved promptly.
- User-Centric Design: Secure key management and cross-chain functionality.
As Web3 evolves, OKX continues to enhance its wallet services, offering a safe gateway to DeFi, NFTs, and multi-chain ecosystems.
FAQs
1. How often does OKX Wallet undergo security audits?
OKX collaborates with top firms like CertiK and SlowMist for regular audits, typically before major updates or new feature releases.
2. Are my private keys ever stored on OKX servers?
No. Private keys and seed phrases are encrypted and stored only on your device.
3. What should I do if I find a potential security issue?
Report it immediately via OKX's official channels for bounty eligibility.
4. Does OKX Wallet support hardware wallets?
Yes, OKX integrates with leading hardware wallets for added security.
5. How are audit results verified?
All findings are reviewed by independent auditors and confirmed by OKX's engineering team before resolution.