Asset Control, Recovery, and Governance in OISY Wallet

Can OISY access the private keys of native assets? Who controls the assets?

The private keys do not physically exist and thus OISY cannot access them. Assets are controlled by a distributed cryptographic threshold protocol on the Internet Computer. This means no individual entity—including OISY—can ever gain full control over the key. Each user has sole authority over their assets and can exercise their control via the NNS-controlled Chain Fusion Signer canister and their Internet Identity. Only when a user explicitly authorizes a transaction to be signed, will the network run the cryptographic protocol to create a signature on the user’s behalf. This robust, decentralized design highlights OISY’s core strength: ensuring user sovereignty over assets while maintaining top-tier security and releaving the user from managing cryptographic keys.

Who manages OISY canisters? What happens to assets if canisters run out of cycles?

OISY’s frontend (cha4i-riaaa-aaaan-qeccq-cai) and backend (doked-biaaa-aaaar-qag2a-cai) canisters are managed by the OISY Wallet development team, with updates undergoing rigorous code reviews and multi-level approvals. Meanwhile, the Chain-Fusion Signer canister (grghe-syaaa-aaaar-qabyq-cai) and all Internet Identity canisters are governed by the Network Nervous System (NNS). Their code updates are of course also rigorously reviewed.

Critically, user assets always reside on their respective ledgers on the respective blockchains rather than within these canisters. Even if OISY canisters were to be removed or replaced, the underlying assets remain secure and can be accessed by their owners again once new or replacement canisters are deployed.

If an OISY canister would deplete its cycles, it would simply become “frozen,” meaning the Internet Computer stops scheduling it until it’s refueled with cycles—a process that anyone can perform. However, the OISY Wallet team has procedures in place to always keep canisters fuelled, ensuring reliable and continuous access to assets.

What happens to wallet assets if the domain OISY.com expires or is hacked?

The domain OISY.com serves merely as a human-friendly pointer to the onchain frontend canister. Should the domain expire or be compromised and pointed elsewhere, the integrity of the assets remains intact as transfers can only be executed upon owner authorization via their Internet Identity.

Can I access the private keys of Ethereum/Bitcoin/Solana wallets?

OISY Wallet uses the Internet Computer’s cryptographic threshold protocols as well as key derivation. Therefore it is not possible to extract the private keys. This innovative design strengthens security while preserving user sovereignty over Ethereum, Bitcoin, and Solana assets and relieves the user from the difficult and error prone task of managing and securing cryptographic keys.

What are the Recovery Options in OISY?

OISY Wallet is fully open-source, allowing users to run a local version of the codebase and maintain independent access to their assets, even without oisy.com or the official canisters. Transaction signing occurs through the ChainFusion Signer with authorization via Internet Identity, both of which are controlled by the Network Nervous System (NNS), one of the largest DAOs globally..

Because your Internet Identity ultimately governs access to your funds, the most important recovery measure is to safeguard your Internet Identity. We recommend adding backup devices such as a YubiKey to your Identity and make use of the passkey recovery mechanisms that Apple and Google offer for their devices. This ensures you have multiple ways to securely restore access to your OISY-managed assets.

Will the community be able to participate in project governance?

Currently, development is managed by the OISY Wallet team, incubated by the DFINITY Foundation. For projects built on the Internet Computer—like OISY Wallet—there is a strong push toward decentralization. The community can expect future developments in this area—stay tuned.