Zero-Risk Crypto 2: OKXWallet and Moving Crypto

In the first part of Zero-Risk Crypto SecureWeb3 ran through setting up a browser wallet and putting some zero-risk or test crypto into it. To get some use from our crypto we need to move it around.  To start off we will send it to ourselves.  This is also a good opportunity to try out another wallet offering; create an account on that and move crypto to and forth. That wallet must also support our virtual currency SepoliaETH.  OKXWallet works as an extension for Chrome and Firefox in a similar fashion to MetaMask.  It satisfies our test criteria of not requiring any personal data to set it up and supporting our chosen test currency Sepolia.

Like MetaMask it will appear in the extensions tab of Firefox when installed. The first step will be to create a new wallet:

Exactly like MetaMask OKXWallet first asks for a password to be created.  It was happy to accept the simple password ‘abcdef’ with only a warning that this was a weak password. 

SecureWeb3 would never recommend accepting such a simple password.  The function of this password in OKXWallet and in MetaMask appears to be extremely limited.  If a wallet is to be used as a browser add-on then any user is likely to store such a password within the browser and no matter how contrived it will only be as secure as the browser account itself.

OKXWallet prompts to back up the wallet; the password then needs to be entered but the user is now presented with a set of 12 English words (the same count as MetaMask). 

Three of these words then need to be selected together with their order in the word list to back up the wallet.  Choosing the order of 3 (out of 9 presented) is considerably less secure than in the MetaMask example where again the order of 3 key words are required but none of the original 12 seed phrase words are shown on the screen.  With the selection on screen of 3 out of 9 items OKXWallet could be guessed with a probability based on nCr of 1/504.  Without seeing its original seedlist MetaMask would be almost impossible to crack by guesswork.

Both OKXWallet and MetaMask behave (at least in Firefox) as pop-ups that vanish when the Window loses focus.  MetaMask has an expanded view that displays in a full tab but only shows a sub-set of the wallet’s functions and settings. The OKXWallet pop-up made it impossible to view a screen shot of the list of key words at the same time that OKXWallet asked for the order of 3 of those words to be recognised.  The easy way out was to print out a screen shot but that is hardly secure.  With MetaMask the key word list could be copied into a text editor for at least some initial privacy.  The user is supposed to write down crypto wallet key word phrases and store them securely off-line.  It is quite probable that many users skip this step.

To move crypto between the 2 wallets they both need to access the same currency network. To connect to our test currency Sepolia within OKXWallet a change has to be made in settings to connect to a custom network.

The Sepolia network will then become available although the default is Goerli which as mentioned previously we will be staying away from for privacy reasons.

OKXWallet gives the option to connect directly to the Sepolia faucet (or tap as we say in the UK).  It is no surprise that as with MetaMask this link is dead.  So return to the direct link to Sepolia to mine some funds.   Take care to add the wallet address from OKXWallet not that from MetaMask.

The simple plan is to mine some Sepolia in the OKXWallet wallet then move crypto back and forth to and from the MetaMask wallet. Here is some Sepolia being sent from OKXWallet to MetaMask (in the ‘To’ box is the MetaMask wallet address):

The system confirms that this has been done (or at least it is trying to do it).

Moving to MetaMask it arrives, the OKXWallet address is in the receive box.

To be absolutely sure there is a link within the transaction details to see the more information from the Blockchain (select view on block explorer from, within the transaction details). Both the address of sender and receiver are displayed in full together with the fees and a short clear text message we added as absolute proof that this is our transaction.

Sending SepoliaETH back to OKXWallet from MetaMask first check how much crypto that OKXWallet wallet starts with:

Sending 0.1 from MetaMask keeping the maths easy:

MetaMask asks to confirm the transaction and the SepoliaETH appears in OKXWallet but there are no recorded details of this in OKXWallet only in MetaMask

Further details of the transaction can be seen on the Sepolia block explorer:

There is a link to this and previous transactions within MetaMask but despite the presence of a ‘History’ tab this information does not show up in OKXWallet. Without knowing the balance before the transaction or watching the screen as the balance changes there is no way to be sure that a transaction has run through OKXWallet.

It should be clear from this example and for the purpose of testing out crypto and browser wallets MetaMask is a more secure and easier solution to work with than OKXWallet. On the plus side we can see that crypto currencies are independent of the wallets used to store them and that deatils of transaction on the Blockchain are stored independently of the wallets themselves.

Leave a Comment

Your email address will not be published. Required fields are marked *