Crypto wallet provider Tangem has recently addressed a significant security vulnerability in its mobile app that inadvertently collected users' private keys via email interactions.
Crypto wallet provider Tangem has recently addressed a significant security vulnerability in its mobile app that inadvertently collected users' private keys via email interactions.
The issue surfaced on Dec. 29 when a Reddit discussion highlighted that private keys were being stored in email histories, potentially exposing them to both users and Tangem employees.
A Reddit user, identified as u/areklanga, claimed that the problem allowed private keys to remain accessible in both user and Tangem email histories, as well as in a ticket tracking system. This raised concerns among the community, leading to accusations that Tangem had not adequately responded to the allegations when they were first raised. The user also noted that the original post detailing the glitch had been deleted.
In response to the growing scrutiny, Tangem acknowledged the issue on Dec. 30, explaining that it stemmed from a bug in the app's log processing.
The company stated that when users created a wallet with a seed phrase, the private key was logged mistakenly. This log could be accessed during support interactions, posing a risk to user security.
Tangem asserted that the bug affected a limited number of users—specifically those who generated a seed phrase and immediately submitted a support request. The company confirmed that all logs and attachments sent to its support team have been permanently deleted to ensure no residual data remains.
Despite the prompt action to resolve the issue, some members of the crypto community criticized Tangem for its muted response, noting that the company had not made announcements on its social media platforms regarding the vulnerability.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators.
This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice.
The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
