31.12.2024
Andrey Mastykin
Author, Financial Expert at Traders Union

Tangem fixes critical flaw after Reddit criticism


Cryptocurrency wallet provider Tangem has addressed a serious security vulnerability in its mobile app that exposed certain users' private keys through email logs.

The fix came in response to growing criticism from the crypto community, particularly on Reddit, where users accused Tangem of jeopardizing investors' funds by failing to protect sensitive data, according to Cointelegraph.

Incident details

The issue gained attention on December 29, when Reddit user u/areklanga alleged that Tangem was collecting users' private keys via email. The post also claimed that Tangem had previously ignored warnings about the vulnerability. According to the user, private keys were stored in both user and Tangem email histories, as well as possibly in Tangem's internal ticketing systems, making them accessible to company employees. They also noted that an earlier Reddit post detailing the vulnerability had been mysteriously deleted.

Tangem’s response and actions

On December 30, Tangem acknowledged the issue, confirming it resulted from a bug in the app's log processing system. The company explained that private keys generated during wallet creation were inadvertently logged and could be accessed if users interacted with Tangem's support team. A subsequent update was released to fix the issue.

Tangem assured users in a Reddit statement that all logs and attachments previously sent to its support team had been permanently deleted. The company emphasized that only a small group of users who generated seed phrases and immediately contacted support might have been affected. These users are being contacted directly for assistance.

"After thorough investigation, we can confidently confirm that no private keys were compromised, no user funds were lost, and no accounts were accessed," Tangem stated in its comments.

Criticism over lack of transparency

Despite releasing a patch, Tangem faced criticism for a perceived lack of transparency. Both critics and Tangem users pointed out that the company’s official website and social media channels did not mention the vulnerability or its resolution.

“Are you planning to share this announcement more broadly than just a comment on some Reddit post? I think an official blog and Telegram would be good places for that,” noted user solodkiy.

To mitigate potential risks, Tangem urged all users to immediately update their mobile applications. While the company claims to have resolved the issue, the incident highlights the critical importance of robust security measures in the cryptocurrency industry.

In related news, Byte Federal, one of the largest Bitcoin ATM operators in the U.S., recently reported a significant data breach that may have affected 58,000 customers.
