KEY POINTS
- One user said the supposed leak included selfies and ID card images of another person
- Another X user questioned why Aleo was asking for KYC information to begin with
- Aleo’s mainnet is expected to be launched sometime in the coming weeks
Decentralized blockchain platform Aleo has reportedly revealed the Know Your Customer (KYC) documents of some of its users, as per several user reports on X (formerly Twitter).
Pseudonymous user @oxemirsoyturk, revealed Sunday on X that Aleo, which is focused on zero knowledge (zk) cryptography applications and utilizes a third-party protocol for KYC information, sent “someone’s KYC documents via email.”
The documents reportedly included selfies and ID card photos. “That makes me wonder, if I have someone else’s KYC document, who else have you sent mine to?” the user asked.
Under a privacy-centric approach such as the one the San Francisco-headquartered platform uses, external parties are supposed to have difficulty tracing or accessing sensitive information. This, in turn, offers users with a broader control over their own data, providing more privacy when making blockchain transactions.
Web3 content creator Selim C responded to user @oxemirsoyturk’s post, saying, “I’ve just checked and same here.”
User @metaryuk questioned why Aleo requires users to complete KYC information and pass screening guidelines under the Office of Foreign Assets Control (OFAC) to claim rewards. “If a chain focuses on privacy [it] should not be asking for KYC in the first place!” the user wrote.
Echoing @metaryuk’s comments, Mike Sarvodaya, founder of layer-1 blockchain infrastructure Galactica, told Cointelegraph that privacy-focused protocols should, in theory, not allow access to user data.
“It’s ironic that a protocol for programmable privacy uses a third party to collect users’ unencrypted KYC data after that leaks to the public. Apparently, when your zk stack is so advanced, you might just forget how to practice basic opsec,” he noted.
Aleo did not immediately respond to International Business Times‘ request for comment.
News of the supposed user information leak came about a month after Aleo Foundation’s executive director Alex Pruden told The Block that the Aleo mainnet will launch sometime soon.
“We just finished the third phase of testnet three and have a list of bugs that we discovered through the process. We got the list of bugs from six audits that we’ve done and two bug bounty programs,” Pruden said at the time.
He said the platform struggled in the past four years to reach the point where it is now as it looks to eliminate the last bugs before launching the mainnet. “The good news is we’re at the very end of that journey and we’re getting ready to launch imminently,” he added.