On February 25, the decentralized blockchain network Aleo made certain user data public, according to sources on X (previously Twitter). The platform focuses on zero-knowledge (zk) cryptography and leverages a third-party protocol for Know Your Customer (KYC) checks. According to a user going by the alias @0xemirsoyturk, Aleo sent KYC documents to his email by mistake. He became concerned about the protection of his own personal information after seeing selfies and images of another person’s ID card in these documents. The story was corroborated by another user, @Selim_jpeg, who said he received the KYC paperwork of another individual in his inbox.
In compliance with Aleo’s internal regulations, users must successfully complete KYC/AML and pass the Office of Foreign Assets Control (OFAC) screening in order to be eligible for a reward on the platform. This procedure must be finished in order for people to register for HackerOne, a third-party protocol that gathers users’ unencrypted KYC information.
The goal of zero-knowledge layer-1 blockchain systems is to give users more security and anonymity. They ensure anonymity by using zero-knowledge proof cryptography to enable transactions without disclosing precise details. This privacy-centric strategy gives users more control over their data by making it difficult for outside parties to track down or access critical information. By improving privacy, these platforms hope to increase participant security and confidentiality in blockchain transactions.
Mike Sarvodaya, the creator of layer-1 blockchain infrastructure Galactica, told Cointelegraph that such a protocol should never, in theory, permit access to user data. He declared:
“It’s ironic that a protocol for programmable privacy uses a third party to collect users’ unencrypted KYC data after that leaks to the public. Apparently, when your zk stack is so advanced, you might just forget how to practice basic opsec.”
Sarvodaya claims that the Aleo case paradoxically emphasizes how important it is to develop zero-knowledge or fully homomorphic encryption (FHE)-based storage and proof systems for sensitive data, such as Personally Identifiable Information (PII). Protocol guidelines in these systems need to guarantee that data is not disclosed by a single party.
Aleo Foundation executive director Alex Pruden told The Block that the Aleo mainnet, which will provide privacy to cryptocurrency transactions, will launch in the coming weeks after a few last bugs are fixed.