Aleo Blockchain Platform Accidentally Exposes Users' KYC Data, Underlines Need for Secure Systems
Summary:
The blockchain platform Aleo reportedly exposed users' information, including Know Your Customer (KYC) documents. Users raised the issue on a social platform, citing concerns for their security and privacy as the documents were mistakenly sent to other users' emails. Founder of an L1 blockchain infrastructure, Mike Sarvodaya noted the irony of a privacy-focused platform inadvertently exposing user data. The incident underscores the need for secure storage and proof systems for sensitive data. The Aleo mainnet is slated to launch in the coming weeks, aiming to bolster privacy in crypto transactions.
The blockchain platform Aleo, known for its zero-knowledge (zk) applications, has inadvertently exposed its users' data. This flaw was highlighted by users on the X social platform, who expressed concerns to the layer-1 (L-1) platform. A user identified as @0xemirsoyturk reported that Aleo had erroneously sent Know Your Customer (KYC) documents to his email address, including another user's selfies and ID card images, leading him to worry about the security of his own information. L-1 blockchain platforms that employ zero-knowledge proof cryptography prioritize user security and maintain privacy by concealing particular details of transactions. Photo of user complaints against Aleo on X. Source: @inversebrahThrough this privacy-focused method, sensitive user information is shielded from third parties, giving users control over their data. Such platforms strive to increase the discretion of blockchain transactions, enhancing security. @Selim_jpeg, another user, corroborated @0xemirsoyturk's account, attesting that he also received KYC documents of another user via email. Claiming a reward on Aleo necessitates the completion of KYC/AML and passing the Office of Foreign Assets Control (OFAC) screening, conforming to Aleo's internal rules. This is also required when users register for HackerOne, a separate protocol collecting unencrypted KYC data from users. Related: Citrea secures $2.7M in seed funding for Bitcoin ZK-rollup launch. Mike Sarvodaya, founder of Galactica, an L1 blockchain infrastructure, told Cointelegraph that, in such a protocol design, access to user data should theoretically be impossible. He said, "It's paradoxical that a protocol dedicated to programmable privacy uses a third party to gather users’ unencrypted KYC data, which has now been leaked. It seems that with high-level zk technology, one can unintentionally overlook basic operational security practices." According to Sarvodaya, the Aleo incident coincidentally highlights the need to develop storage and proof systems to secure sensitive data such as Personally Identifiable Information (PII) using zero-knowledge or Fully Homomorphic Encryption (FHE). In these systems, the protocol prevents the exposure of any stored data by any party. The Aleo mainnet is anticipated to launch in the upcoming weeks, following resolution of some final glitches. Aleo Foundation Executive Director Alex Pruden reassured during an interview with The Block that this development is aimed at bolstering privacy in crypto transactions. Magazine: Satoshi Nakamoto's views on ZK-proofs - what was they?
Published At
2/25/2024 4:54:32 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.