Decentralized blockchain platform Aleo made headlines on February 25 when reports on X (formerly Twitter) revealed that some users’ information had been exposed. Aleo, which focuses on zero-knowledge (ZK) cryptography, relies on a third-party protocol for Know Your Customer (KYC) procedures.
Emir Soytürk, a user of the platform, raised concerns after receiving another individual's KYC documents, including selfies and ID card photos, by email. The incident raised doubts about the security of his own personal information. Another user, Selim C, confirmed this claim, stating that he too had received KYC documents belonging to someone else.
To be eligible for rewards on Aleo, users are required to complete KYC and Anti-Money Laundering (AML) procedures and pass the Office of Foreign Assets Control (OFAC) screening, all in accordance with Aleo’s internal policies. This process is carried out when signing up for HackerOne, a third-party protocol that collects users’ unencrypted KYC data.
Screenshot of Aleo user complaints on X platform. Source: Inversebrah
In the realm of ZK layer-1 blockchain platforms, privacy and security are key priorities. These platforms employ ZK-proof cryptographic techniques to facilitate transactions without revealing specific details, ensuring confidentiality. By adopting a privacy-centric approach, they offer users greater control over their data and make it challenging for external parties to trace or access sensitive information. Ultimately, these platforms aim to enhance the privacy and confidentiality of blockchain transactions for participants.
Cointelegraph spoke to Mike Sarvodaya, the founder of Galactica, a layer-1 blockchain infrastructure, who emphasized that theoretically, such protocols should never allow access to user data. Sarvodaya stated that the Aleo case ironically highlights the importance of developing storage and proof systems for sensitive data, such as Personally Identifiable Information (PII), based on ZK or fully homomorphic encryption (FHE). In these systems, the rules of the protocol must ensure that no single party can reveal stored data.
The Aleo mainnet is scheduled to launch in the coming weeks, once any remaining bugs have been addressed. The goal of this launch, as stated by Alex Pruden, the executive director of the Aleo Foundation, in an interview with The Block, is to bring privacy to crypto transactions.