Aleo Users Worried Amid KYC Documents Leak

Reports say that Know Your Customer (KYC) papers on Aleo’s decentralized blockchain platform have been leaked.

Aleo is known for its zero-knowledge (zk) cryptography. However, some users found private information sent to their email inboxes by mistake, and the company is now being investigated.

Aleo’s KYC Documents Leak Sparks Privacy Concerns

Reports going around on X say that Aleo accidentally shared KYC papers on Feb. 25. To collect rewards, platform users must follow Aleo’s internal rules and go through Know Your Customer (KYC)/AML (Anti-Money Laundering) procedures and pass the Office of Foreign Assets Control (OFAC) screening.

todays snapshot https://t.co/m2bZqFOOuZ pic.twitter.com/PaEN3XkBzX

— smolting (wassie, verse) (@inversebrah) February 25, 2024

A user named @0xemirsoyturk said they got KYC papers that included selfies and ID card photos of someone else. This made people worry about the safety and privacy of user data. Another user, @Selim_jpeg, confirmed the claim by saying they also got someone else’s KYC documents.

HackerOne is a third-party protocol that users interact with to earn Aleo rewards. Its job is to collect users’ unencrypted KYC data. People are worried about the security measures in place because the privacy breach goes against the ideas behind zero-knowledge layer-1 blockchain platforms, which are meant to improve user privacy and security.

Platforms like Aleo use zero-knowledge-proof cryptography to make transfers possible without giving away specifics, which protects privacy. These methods aim to give users more control over their data by making it harder for outsiders to find or access private data.

Some people, like the founder of Galactica, a layer-1 blockchain system, have said the situation is ironic. The company’s founder said that a system for programmable privacy shouldn’t, in theory, let anyone get to user data. He said, “It’s ironic that a protocol for programmable privacy uses a third party to collect users’ unencrypted KYC data after that leaks to the public.”

Sarvodaya, a well-known person in the blockchain space, stressed the importance of creating zero-knowledge or fully homomorphic encryption (FHE)–based storage and proof methods for private data. Protocol rules must make sure that no one party can see the data that is stored in these kinds of systems.

As Aleo gets ready to start its mainnet in a few weeks, the incident has made people wonder how committed the platform is to privacy and how well its security measures work. In an interview with The Block, Alex Pruden, executive head of the Aleo Foundation, said that the last bug fixes are being made to make crypto transactions on the Aleo network more private.