- Decentralized blockchain platform Aleo faces a privacy breach as KYC documents leak.
- Users, including @0xemirsoyturk and @Selim_jpeg, report receiving KYC documents belonging to other individuals.
- Aleo, known for its zero-knowledge cryptography, utilizes a third-party protocol for KYC procedures.
- The incident raises questions about the security of user data in a platform emphasizing privacy.
- Mike Sarvodaya from Galactica highlights the irony of a privacy-focused protocol using a third party for KYC data collection.
Privacy Breach Shakes Aleo Users
In an unexpected turn of events, decentralized blockchain platform Aleo faced a privacy breach on February 25, as reported on the X (formerly Twitter). Users, including the pseudonymous @0xemirsoyturk and @Selim_jpeg, disclosed receiving KYC documents belonging to other individuals in their email. The leak sparked concerns among the community, questioning the security of their personal information.
Irony of Privacy Protocols
Aleo, renowned for its focus on zero-knowledge (zk) cryptography, employs a third-party protocol for Know Your Customer (KYC) procedures. To claim rewards, users are required to undergo KYC/AML and pass the Office of Foreign Assets Control (OFAC) screening through a third-party protocol named HackerOne. Mike Sarvodaya, founder of Galactica, emphasized the irony of a privacy-centric protocol relying on an external party for collecting unencrypted KYC data. He stressed the importance of implementing storage and proof systems for sensitive data, such as Personally Identifiable Information (PII), based on advanced cryptographic techniques like zero knowledge or fully homomorphic encryption (FHE).