Aleo, a decentralized blockchain platform, has issued a statement regarding a recent incident involving the exposure of Know Your Customer (KYC) information. The platform, which utilizes zero-knowledge (ZK) technology, attributed the leak to a copy/paste error in email metadata.
In a post on the social media platform X, Aleo revealed that approximately 10 participants from its recent Aleo Learn and Earn events were affected by the KYC information leak. The platform promptly removed the exposed information, conducted an investigation into the cause of the leak, and informed the affected individuals.
Aleo collects users’ unencrypted KYC data through the third-party protocol HackerOne. However, the platform has taken steps to address the issue by implementing new long-term technical controls for its KYC confirmation practices, based on its findings.
Reports on X on February 25 disclosed that Aleo, which specializes in ZK cryptography, had exposed sensitive information belonging to some users. ZK layer-1 blockchain platforms prioritize privacy and security for users by utilizing ZK-proof cryptographic techniques that enable transactions without revealing specific details, ensuring confidentiality. This privacy-centric approach gives users more control over their data and makes it difficult for external parties to trace or access sensitive information. The aim of these platforms is to enhance privacy in blockchain transactions, making them secure and confidential for participants.
To claim a reward on Aleo, users must comply with the platform’s internal policies, which include completing KYC and Anti-Money Laundering (AML) requirements and passing the United States Office of Foreign Assets Control (OFAC) screening.
Cointelegraph consulted with cybersecurity and blockchain investigations expert Adebayo Tiamiyu, who expressed concerns about the security protocols of ZK platforms like Aleo if they attribute KYC information exposure to a copy/paste error in email metadata. Adebayo emphasized the importance of strict data protection, continuous cybersecurity vigilance, and a “least privilege” approach, including regular audits and enhanced encryption, to prevent such incidents, even in supposedly secure blockchain platforms.
Aleo plans to launch its mainnet in the coming weeks, once final bugs have been addressed, in order to bring privacy to crypto transactions, according to Alex Pruden, the executive director of the Aleo Foundation.
Cointelegraph has reached out to Aleo for more information on the technical controls it intends to implement for KYC confirmation practices but has not yet received a response.