Aleo, a decentralized blockchain known for its focus on privacy through zero-knowledge (ZK) proofs, recently acknowledged a leak of Know Your Customer (KYC) information.
The leak was attributed to a simple copy/paste error in email metadata.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
How to Store NFTs in 2023 (3 Most Secure Ways Explained)
This happened because Aleo collected unencrypted KYC details using a third-party service, HackerOne.
The incident, which involved about 10 participants of Aleo Learn & Earn events, was promptly addressed by removing the exposed data, conducting an in-depth investigation, and notifying those impacted.
Aleo also announced the adoption of enhanced technical controls to bolster its KYC verification processes, ensuring such a breach does not recur.
Aleo's stringent adherence to KYC and Anti-Money Laundering (AML) regulations and compliance with the United States Office of Foreign Assets Control (OFAC) underlines its commitment to a privacy-centric ethos.
However, this recent incident has sparked discussions on the robustness of its security measures.
Adebayo Tiamiyu, an expert in cybersecurity and blockchain investigations, expressed concerns over Aleo's security protocols in light of the leak, suggesting that the incident underscores the importance of rigorous data protection practices.
As Aleo prepares for its mainnet launch, the foundation's executive director, Alex Pruden, assures that final adjustments are being made to ensure the platform can offer a secure and private environment for crypto transactions.
In other news related to security breaches, MicroStrategy's X account was recently hacked to spread links to a non-existent airdrop of a fake Ethereum-based MSTR token.