diff --git a/packages/sdk38/src/secp256k1wallet.spec.ts b/packages/sdk38/src/secp256k1wallet.spec.ts
index 82a61e9d..e509e2e0 100644
--- a/packages/sdk38/src/secp256k1wallet.spec.ts
+++ b/packages/sdk38/src/secp256k1wallet.spec.ts
@@ -2,7 +2,7 @@ import { Secp256k1, Secp256k1Signature, Sha256 } from "@cosmjs/crypto";
 import { fromBase64, fromHex, toAscii } from "@cosmjs/encoding";
 import { extractKdfConfiguration, Secp256k1Wallet } from "./secp256k1wallet";
-import { base64Matcher, hexMatcher } from "./testutils.spec";
+import { base64Matcher } from "./testutils.spec";
 import { executeKdf, KdfConfiguration } from "./wallet";
 describe("Secp256k1Wallet", () => {
@@ -137,9 +137,6 @@ describe("Secp256k1Wallet", () => {
 },
 encryption: {
 algorithm: "xchacha20poly1305-ietf",
- params: {
- nonce: jasmine.stringMatching(hexMatcher),
- },
 },
 data: jasmine.stringMatching(base64Matcher),
 });
@@ -165,9 +162,6 @@ describe("Secp256k1Wallet", () => {
 kdf: customKdfConfiguration,
 encryption: {
 algorithm: "xchacha20poly1305-ietf",
- params: {
- nonce: jasmine.stringMatching(hexMatcher),
- },
 },
 data: jasmine.stringMatching(base64Matcher),
 });
diff --git a/packages/sdk38/src/secp256k1wallet.ts b/packages/sdk38/src/secp256k1wallet.ts
index 45c26924..65f09745 100644
--- a/packages/sdk38/src/secp256k1wallet.ts
+++ b/packages/sdk38/src/secp256k1wallet.ts
@@ -8,9 +8,8 @@ import {
 Slip10Curve,
 Slip10RawIndex,
 stringToPath,
- xchacha20NonceLength,
 } from "@cosmjs/crypto";
-import { fromBase64, fromUtf8, toBase64, toHex, toUtf8 } from "@cosmjs/encoding";
+import { fromBase64, fromUtf8, toBase64, toUtf8 } from "@cosmjs/encoding";
 import { assert, isNonNullObject } from "@cosmjs/utils";
 import { rawSecp256k1PubkeyToAddress } from "./address";
@@ -295,7 +294,6 @@ export class Secp256k1Wallet implements OfflineSigner {
 const encryptionConfiguration: EncryptionConfiguration = {
 algorithm: supportedAlgorithms.xchacha20poly1305Ietf,
- params: { nonce: toHex(Random.getBytes(xchacha20NonceLength)) },
 };
 const encryptedData = await encrypt(dataToEncryptRaw, encryptionKey, encryptionConfiguration);
diff --git a/packages/sdk38/src/wallet.ts b/packages/sdk38/src/wallet.ts
index ff5496a7..0b7bba0a 100644
--- a/packages/sdk38/src/wallet.ts
+++ b/packages/sdk38/src/wallet.ts
@@ -1,12 +1,14 @@
 import {
 Argon2id,
 Argon2idOptions,
+ Random,
 Sha256,
 Sha512,
 Slip10RawIndex,
+ xchacha20NonceLength,
 Xchacha20poly1305Ietf,
 } from "@cosmjs/crypto";
-import { fromHex, toAscii } from "@cosmjs/encoding";
+import { toAscii } from "@cosmjs/encoding";
 import { assert } from "@cosmjs/utils";
 import { StdSignature } from "./types";
@@ -102,7 +104,7 @@ export interface EncryptionConfiguration {
 */
 readonly algorithm: string;
 /** A map of algorithm-specific parameters */
- readonly params: Record;
+ readonly params?: Record;
 }
 export const supportedAlgorithms = {
@@ -116,8 +118,12 @@ export async function encrypt(
 ): Promise {
 switch (config.algorithm) {
 case supportedAlgorithms.xchacha20poly1305Ietf: {
- const nonce = fromHex((config.params as any).nonce);
- return Xchacha20poly1305Ietf.encrypt(plaintext, encryptionKey, nonce);
+ const nonce = Random.getBytes(xchacha20NonceLength);
+ // Prepend fixed-length nonce to ciphertext as suggested in the example from https://github.com/jedisct1/libsodium.js#api
+ return new Uint8Array([
+ ...nonce,
+ ...(await Xchacha20poly1305Ietf.encrypt(plaintext, encryptionKey, nonce)),
+ ]);
 }
 default:
 throw new Error(`Unsupported encryption algorithm: '${config.algorithm}'`);
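Review bot: The xchacha20poly1305Ietf case of encrypt() now returns the nonce followed by the ciphertext, but only an inline comment says so, and a caller that still sets `config.params.nonce` has it ignored without any signal. The function's doc comment, which lies outside this hunk, should state the contract, e.g. `/** For xchacha20poly1305-ietf the result is a fresh random nonce of xchacha20NonceLength bytes followed by the ciphertext; config.params is not read. */`. The same wording belongs on the `params?` field changed in the hunk at -102,7, so that nobody reintroduces a caller-chosen nonce through it.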
@@ -131,8 +137,8 @@ export async function decrypt(
 ): Promise {
 switch (config.algorithm) {
 case supportedAlgorithms.xchacha20poly1305Ietf: {
- const nonce = fromHex((config.params as any).nonce);
- return Xchacha20poly1305Ietf.decrypt(ciphertext, encryptionKey, nonce);
+ const nonce = ciphertext.slice(0, xchacha20NonceLength);
+ return Xchacha20poly1305Ietf.decrypt(ciphertext.slice(xchacha20NonceLength), encryptionKey, nonce);
 }
 default:
 throw new Error(`Unsupported encryption algorithm: '${config.algorithm}'`);
diff --git a/packages/sdk38/types/wallet.d.ts b/packages/sdk38/types/wallet.d.ts
index f2edb92d..c0818ef2 100644
--- a/packages/sdk38/types/wallet.d.ts
+++ b/packages/sdk38/types/wallet.d.ts
@@ -48,7 +48,7 @@ export interface EncryptionConfiguration {
 */
 readonly algorithm: string;
 /** A map of algorithm-specific parameters */
- readonly params: Record;
+ readonly params?: Record;
 }
 export declare const supportedAlgorithms: {
 xchacha20poly1305Ietf: string;
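Review bot: decrypt() in wallet.ts slices the first `xchacha20NonceLength` bytes off `ciphertext` without checking that the input is at least that long, so a truncated or empty blob reaches `Xchacha20poly1305Ietf.decrypt` with a short nonce and fails with whatever error the library raises. A guard before the slice makes the failure explicit: `if (ciphertext.length < xchacha20NonceLength) throw new Error("Ciphertext too short to contain a nonce");`. Separately, data serialized before this change kept the nonce in `params.nonce` rather than in the data, and the new code no longer reads it, so such data would presumably fail authentication. If any of those serializations exist, the format needs a version marker or a fallback path, neither of which is visible in this diff. The function signature begins outside the hunk.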