Asset Control, Recovery, and Governance in OISY Wallet
Last updated
Last updated
The private keys do not physically exist and thus OISY cannot access them. Assets are controlled by a distributed . This means no individual entity—including OISY—can ever gain full control over the key. Each user has sole authority over their assets and can exercise their control via the NNS-controlled canister and their . Only when a user explicitly authorizes a transaction to be signed, will the network run the cryptographic protocol to create a signature on the user’s behalf. This robust, decentralized design highlights OISY’s core strength: ensuring user sovereignty over assets while maintaining top-tier security and releaving the user from managing cryptographic keys.
Critically, user assets always reside on their respective ledgers on the respective blockchains rather than within these canisters. Even if OISY canisters were to be removed or replaced, the underlying assets remain secure and can be accessed by their owners again once new or replacement canisters are deployed.
If an OISY canister would deplete its cycles, it would simply become “frozen,” meaning the Internet Computer stops scheduling it until it’s refueled with cycles—a process that anyone can perform. However, the OISY Wallet team has procedures in place to always keep canisters fuelled, ensuring reliable and continuous access to assets.
The domain OISY.com serves merely as a human-friendly pointer to the onchain frontend canister. Should the domain expire or be compromised and pointed elsewhere, the integrity of the assets remains intact as transfers can only be executed upon owner authorization via their Internet Identity.
OISY Wallet uses the Internet Computer’s cryptographic threshold protocols as well as key derivation. Therefore it is not possible to extract the private keys. This innovative design strengthens security while preserving user sovereignty over Ethereum, Bitcoin, and Solana assets and relieves the user from the difficult and error prone task of managing and securing cryptographic keys.
Because your Internet Identity ultimately governs access to your funds, the most important recovery measure is to safeguard your Internet Identity. We recommend adding backup devices such as a YubiKey to your Identity and make use of the passkey recovery mechanisms that Apple and Google offer for their devices. This ensures you have multiple ways to securely restore access to your OISY-managed assets.
Currently, development is managed by the OISY Wallet team, incubated by the DFINITY Foundation. For projects built on the Internet Computer—like OISY Wallet—there is a strong push toward decentralization. The community can expect future developments in this area—stay tuned.
OISY’s frontend (cha4i-riaaa-aaaan-qeccq-cai) and backend (doked-biaaa-aaaar-qag2a-cai) canisters are managed by the OISY Wallet development team, with updates undergoing rigorous code reviews and multi-level approvals. Meanwhile, the canister (grghe-syaaa-aaaar-qabyq-cai) and all Internet Identity canisters are governed by the Network Nervous System (NNS). Their code updates are of course also rigorously reviewed.
OISY Wallet is fully , allowing users to run a local version of the codebase and maintain independent access to their assets, even without oisy.com or the official canisters. Transaction signing occurs through the ChainFusion Signer with authorization via Internet Identity, both of which are controlled by the Network Nervous System (NNS), one of the largest DAOs globally..
