Privacy-focused Aleo users concerned after KYC documents leak
Decentralized blockchain platform Aleo has revealed some users’ information on Feb. 25, according to reports on the X (formerly Twitter). The platform focuses on zero-knowledge (zk) cryptography and uses a third-party protocol for Know Your Customer (KYC).
A pseudonymous user named @0xemirsoyturk said Aleo mistakenly sent KYC documents to his email. These documents included selfies and ID card photos of another person, making him concerned about the security of his own information.
Another user, @Selim_jpeg, confirmed the claim, stating that he also got the KYC documents of another person in his email.
To claim a reward on Aleo, users must complete KYC/AML and pass the Office of Foreign Assets Control (OFAC) screening in accordance with Aleo’s internal policies. Users must complete this process when signing up for HackerOne — a third-party protocol to collect users’ unencrypted KYC data.
Screenshot of Aleo user complaints on X. Source: @inversebrahRelated: Citrea raises $2.7M in seed funding to launch Bitcoin ZK-rollup
Zero-knowledge layer-1 blockchain platforms focus on providing enhanced privacy and security for users. They employ zero-knowledge proof cryptographic techniques to enable transactions without revealing specific details, ensuring confidentiality.
This privacy-centric approach makes it challenging for external parties to trace or access sensitive information, offering users greater control over their data. These platforms aim to enhance privacy in blockchain transactions, making them more secure and confidential for participants.
Cointelegraph spoke to Mike Sarvodaya, the founder of Galactica, a layer-1 blockchain infrastructure, who explained that such a protocol should never theoretically allow access to user data. He said:
“It’s ironic that a protocol for programmable privacy uses a third party to collect users’ unencrypted KYC data after that leaks to the public. Apparently, when your zk stack is so advanced, you might just forget how to practice basic opsec.”
According to Sarvodaya, the Aleo case ironically underscores the significance of creating storage and proof systems for sensitive data — like Personally Identifiable Information (PII) — based on zero knowledge or fully homomorphic encryption (FHE). In such systems, protocol rules must ensure that no single party can reveal stored data.
The Aleo mainnet is set to launch in the next few weeks, once some final bugs have been taken care of, to bring privacy to crypto transactions, as stated by Aleo Foundation executive director Alex Pruden in an interview with The Block.
Magazine: What did Satoshi Nakamoto think about ZK-proofs?
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
BitGo launches dedicated retail platform to buy, sell, trade, custody and stake crypto assets
BitGo has officially launched its dedicated retail platform, which provides global access to its regulated digital asset trading, staking, wallet, and qualified custody services.
Global Ethereum investment products hit $2.2 billion annual inflow record amid US ETF surge
Ethereum-based investment products registered $634 million worth of net inflows globally last week, led by the U.S. spot ETFs, according to CoinShares.As a result, Ethereum funds reached a new annual record of $2.2 billion in net inflows, surpassing the $2 billion peak in 2021.Meanwhile, XRP funds hit a weekly inflow record, while Bitcoin products witnessed outflows.
Analyst Highlights 5 Cryptocurrencies with Potential for Appreciation by 2025
Bernstein believes SEC approval for Ethereum ETF staking yield