Privacy-focused Aleo users concerned after KYC documents leak
Aleo, a blockchain platform focusing on zero-knowledge (zk) applications, has revealed its users’ information. Users raised concerns on the X social platform and informed the layer-1 (L-1) platform about the issue.
A user named @0xemirsoyturk claims that Aleo mistakenly sent Know Your Customer (KYC) documents to his email. These documents included selfies and ID card photos of another user, making him concerned about the security of his information.
Zero-knowledge layer-1 blockchain platforms focus on providing enhanced privacy and security for users. They employ zero-knowledge proof cryptographic techniques to enable transactions without revealing specific details, ensuring confidentiality.
Screenshot of Aleo user complaints on X. Source: @inversebrahThis privacy-centric approach makes it challenging for external parties to trace or access sensitive information, offering users greater control over their data. These platforms aim to enhance privacy in blockchain transactions, making them more secure and confidential for participants.
Another user, @Selim_jpeg, confirmed the claim, stating that he also got the KYC documents of another user in his email.
To claim a reward on Aleo, users must complete KYC/AML and pass the Office of Foreign Assets Control (OFAC) screening in accordance with Aleo’s internal policies. Users must complete this process when signing up for HackerOne — a third-party protocol to collect users’ unencrypted KYC data.
Related: Citrea raises $2.7M in seed funding to launch Bitcoin ZK-rollup
Mike Sarvodaya, the founder of Galactica, an L1 blockchain infrastructure, speaking to Cointelegraph, said that in a protocol design like this, one should never have theoretical access to the user data. He said:
“It’s ironic that a protocol for programmable privacy uses a third party to collect users’ unencrypted KYC data after that leaks to the public. Apparently, when your zk stack is so advanced, you might just forget how to practice basic opsec.”
According to Sarvodaya, The Aleo case ironically underscores the significance of creating storage and proof systems for sensitive data, like Personally Identifiable Information (PII), using zero knowledge or Fully Homomorphic Encryption (FHE). In such systems, protocol rules ensure that no single party can reveal stored data.
The Aleo mainnet is set to launch in the next few weeks; once some final bugs have been taken care of, to bring privacy to crypto transactions, as stated by Aleo Foundation Executive Director Alex Pruden in an interview with The Block.
Magazine: What did Satoshi Nakamoto think about ZK-proofs?
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
BitGo launches dedicated retail platform to buy, sell, trade, custody and stake crypto assets
BitGo has officially launched its dedicated retail platform, which provides global access to its regulated digital asset trading, staking, wallet, and qualified custody services.
Global Ethereum investment products hit $2.2 billion annual inflow record amid US ETF surge
Ethereum-based investment products registered $634 million worth of net inflows globally last week, led by the U.S. spot ETFs, according to CoinShares.As a result, Ethereum funds reached a new annual record of $2.2 billion in net inflows, surpassing the $2 billion peak in 2021.Meanwhile, XRP funds hit a weekly inflow record, while Bitcoin products witnessed outflows.
Analyst Highlights 5 Cryptocurrencies with Potential for Appreciation by 2025
Bernstein believes SEC approval for Ethereum ETF staking yield