Zero-knowledge chain Aleo faces privacy leak issues


A private post claims that Aleo mistakenly sent Know Your Customer (KYC) documents to their.

Aleo, a blockchain platform focusing on zero-knowledge (zk) applications, has exposed its users’ information. Users raised concerns on social media and informed the layer-1 (L1) platform about the issue.

Emir Soytürk, a developer involved with the Ethereum Foundation’s Devconnect workshops in Istanbul, claimed through a private post on X that Aleo mistakenly sent Know Your Customer (KYC) documents to his email. These documents included selfies and ID card photos of another user, making him concerned about the security of his information.

The situation is ironic: zero-knowledge layer-1 blockchain platforms such as Aleo focus on providing enhanced privacy and security for users. They employ zero-knowledge proof cryptographic techniques to enable transactions without revealing specific details, ensuring confidentiality.

Aleo’s privacy-centric approach makes it challenging for external parties to trace or access sensitive information, offering users greater control over their data. These platforms aim to enhance privacy in blockchain transactions, making them more secure and confidential for participants.

Now, it appears that the privacy-focused chain is facing a data privacy issue of its own. This development comes as the Aleo blockchain’s mainnet is set for launch in the next few weeks, after “some final bugs have been squashed,” according to Aleo Foundation Executive Director Alex Pruden, who spoke in a January interview detailing the project.

Selim C, an analyst from crypto dashboard Alphaday, confirmed that the issue was not isolated, saying it also happened to them. On-chain sleuth ZachXBT noticed the thread and amplified the discussion to the crypto community on X.

To claim a reward on Aleo, users must complete KYC/AML and pass the Office of Foreign Assets Control (OFAC) screening in accordance with Aleo’s internal policies. Users must complete this process when signing up for HackerOne, a third-party protocol for collecting unencrypted KYC data.

Mike Sarvodaya, the founder of L1 blockchain infrastructure Galactica, stated in an interview with crypto news platform Cointelegraph that a protocol design like Aleo’s should, in theory, never have access to user data.

“It’s ironic that a protocol for programmable privacy uses a third party to collect users’ unencrypted KYC data after that leaks to the public. Apparently, when your zk stack is so advanced, you might just forget how to practice basic opsec,” Sarvodaya said.

Aleo’s privacy leak case highlights the importance of zero-knowledge or fully homomorphic encryption for sensitive data storage and proof systems, particularly for personally identifiable information (PII). In such systems, protocol rules ensure no single party can reveal stored data.
