{"id":11024,"date":"2024-02-26T12:07:06","date_gmt":"2024-02-26T10:07:06","guid":{"rendered":"https:\/\/forklog.com\/en\/data-breach-reported-on-aleo-blockchain-platform\/"},"modified":"2024-02-26T12:07:06","modified_gmt":"2024-02-26T10:07:06","slug":"data-breach-reported-on-aleo-blockchain-platform","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/data-breach-reported-on-aleo-blockchain-platform\/","title":{"rendered":"Data Breach Reported on Aleo Blockchain Platform"},"content":{"rendered":"<p>The privacy-focused blockchain platform Aleo has reportedly exposed some user data, according to posts on the social network X.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">Hey <a href=\"https:\/\/twitter.com\/AleoHQ?ref_src=twsrc%5Etfw\">@AleoHQ<\/a> <\/p>\n<p>You just sent me someone&#8217;s KYC documents via email (including selfies and id card photos).<\/p>\n<p>That makes me wonder, If I have someone else&#8217;s KYC document, who else have you sent mine to?<\/p>\n<p>\u2014 Emir Soyt\u00fcrk | Devconnect ?? (@0xemirsoyturk) <a href=\"https:\/\/twitter.com\/0xemirsoyturk\/status\/1761421700678263296?ref_src=twsrc%5Etfw\">February 24, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>A Turkish student, Emir Soyt\u00fcrk, discovered that he received another person&#8217;s <span data-descr=\"Know Your Customer \u2014 know your client\" class=\"old_tooltip\">KYC<\/span> data via email, including selfies and ID card photos.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThis makes me wonder: if I have someone else&#8217;s document, to whom have you sent mine?\u201d he asked the project team.<\/p>\n<\/blockquote>\n<p>Another user, under the pseudonym Selim C, confirmed experiencing the same issue.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">I&#8217;ve just checked and same here. ??\u200d\u2642\ufe0f<\/p>\n<p>\u2014 Selim C (@selim_jpeg) <a href=\"https:\/\/twitter.com\/selim_jpeg\/status\/1761447321978409315?ref_src=twsrc%5Etfw\">February 24, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Renowned on-chain analyst ZachXBT sarcastically advised them to keep the documents in their archives.<\/p>\n<p>Aleo&#8217;s developers aim to facilitate the creation of applications based on zero-knowledge proofs (ZKP), which are used for privacy and data security.<\/p>\n<p>To receive rewards, users must undergo the KYC process with a third-party provider, HackerOne, and a check by the U.S. Treasury&#8217;s Office of Foreign Assets Control.<\/p>\n<p>Mike Sarvodaya, founder of the blockchain project Galactica, told <a href=\"https:\/\/cointelegraph.com\/news\/privacy-focused-aleo-users-concerned-after-kyc-documents-leak\">Cointelegraph<\/a> that the ZKP protocol should never allow access to user data.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThe irony is that a programmable privacy protocol uses a third party to collect unencrypted KYC data, which then becomes public,\u201d he said.<\/p>\n<\/blockquote>\n<p>The expert speculated that the Aleo team was so confident in their ZKP stack that they overlooked basic operational security.<\/p>\n<p>In an interview with <a href=\"https:\/\/www.theblock.co\/post\/274575\/aleo-mainnet-set-to-come-within-weeks-with-lofty-goal-of-bringing-privacy-to-crypto\">The Block<\/a> at the end of January, Aleo Foundation head Alex Pruden stated that the project&#8217;s mainnet would launch in \u201cthe coming weeks.\u201d He noted that developers still need to fix several bugs identified through six audits and two bounty programs.<\/p>\n<p>In subsequent posts on X, Emir Soyt\u00fcrk <a href=\"https:\/\/twitter.com\/0xemirsoyturk\/status\/1761447583682007048\">reported<\/a> that after communicating with him, the team allegedly \u201cfixed\u201d the KYC data issue.<\/p>\n<p>In 2022, the project raised $200 million in a Series B funding round.<\/p>\n<p>In October 2023, leading mining equipment manufacturer Bitmain announced the release of an Antminer device for the Aleo blockchain, despite the absence of a mainnet and token.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The privacy-focused blockchain platform Aleo has reportedly exposed some user data, according to posts on the social network X. Hey @AleoHQ You just sent me someone&#8217;s KYC documents via email (including selfies and id card photos). That makes me wonder, If I have someone else&#8217;s KYC document, who else have you sent mine to? \u2014 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":11023,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1188,1256],"class_list":["post-11024","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-data-breach","tag-privacy-and-personal-data"],"aioseo_notices":[],"amp_enabled":true,"views":"29","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/11024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=11024"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/11024\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/11023"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=11024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=11024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=11024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}