Privacy-focused Aleo claims the KYC leak was a copy-and-paste error.
Decentralized blockchain platform Aleo has released a statement regarding the exposure of Know Your Customer (KYC) data. The Zero Knowledge (ZK) platform blamed the failure on a copy/paste error in the email metadata.
In a post on X's social media platform, Aleo said the release of KYC information affected about 10 participants from the latest Aleo Learn and Earn events. Aleo said it removed the exposed data, investigated the cause and notified affected individuals.
The platform collected users' unencrypted KYC data through third-party protocol HackerOne. However, based on Aleo's findings, it has begun implementing new long-term technical controls for KYC verification procedures.
According to reports on February 25th, Aleo, which focuses on zero-knowledge encryption, exposed some users' sensitive data.
This weekend, information about 10 participants from the recent Know Your Customer (KYC) Aleo Learn & Find events was mistakenly exposed to other Aleo community members due to a copy/paste error in email metadata.
We appreciate everyone's patience as our team works to remove…
— Aleo (@AleoHQ) February 26, 2024
ZK Layer-1 blockchain platforms focus on providing enhanced privacy and security to users. To enable transactions without revealing certain details, they use ZK-proof encryption techniques that ensure confidentiality.
According to Aleo's internal policies, users must meet KYC and Anti-Money Laundering (AML) requirements and pass an Office of Foreign Assets Control (OFAC) screening in order to receive Aleo Rewards.
This privacy-focused approach makes it challenging for outside parties to find or access sensitive information, giving users more control over their data. These platforms aim to enhance privacy in blockchain transactions, making them safer and more confidential for participants.
Related: Coinbase Expands Asset Recovery Tool to Polygon and BNB Chain
If a zero-knowledge (ZK) platform like Aleo exposes KYC information in email metadata to a copy/paste error, he spoke to Adebayo Tiamiyu, an expert in cyber security and blockchain investigations and intelligence. Their security protocols.
According to Adebayo, the incident shows a flaw in the handling of personal data in the blockchain. He also emphasized the need for strict data protection, continuous cyber security vigilance and a “least privilege” approach. Regular audits and enhanced encryption are essential to prevent such risks even in supposedly secure blockchain platforms.
According to Aleo Foundation CEO Alex Prudden, the Aleo mainnet will be launched in the next few weeks after the final bugs are fixed to bring privacy to crypto transactions.
Cointelegraph has reached out to Aleo for details on the technical controls it plans to implement for KYC verification exercises, but has yet to receive a response.
Magazine: What did Satoshi Nakamoto think about ZK-proofs?
