X (formerly Twitter) reported that on February 25, Aleo, a decentralized blockchain platform, inadvertently disclosed certain user information. Known for its focus on zero-knowledge (ZK) cryptography, Aleo utilizes third-party protocols for Know Your Customer (KYC) procedures.
Emir Soytürk, a user of Aleo, revealed that he received KYC documents belonging to others in his email, raising concerns about the security of his personal information. Another user, Selim C, corroborated this claim, stating that they also received someone else's KYC documents via email.
To access Aleo rewards, users must fulfill KYC and Anti-Money Laundering (AML) requirements and undergo Office of Foreign Assets Control (OFAC) screening, as per Aleo's internal policies. This process is facilitated through HackerOne, a third-party protocol responsible for collecting users' unencrypted KYC data.
Aleo's ZK layer-1 blockchain platform prioritizes privacy and security by using ZK-proof cryptography to conduct transactions without exposing specific details, thus ensuring confidentiality. This privacy-centric approach enhances user control over their data and protects them from unauthorized access.
Mike Sarvodaya, founder of Galactica, a layer-1 blockchain infrastructure, emphasized the irony of protocols designed for programmable privacy inadvertently exposing user data to the public. He highlighted the necessity of implementing robust storage and attestation systems for sensitive data, such as personally identifiable information (PII), based on ZK or fully homomorphic encryption (FHE). Sarvodaya stressed the importance of ensuring that protocol rules prevent any party from leaking stored data.
According to Alex Pruden, executive director of the Aleo Foundation, the Aleo mainnet is poised for launch in the coming weeks, aiming to introduce privacy to cryptocurrency transactions once final bugs are addressed.



















