TL;DR
- A bug in Tangem’s mobile app logged private keys in email histories, seriously compromising user security and trust in the platform.
- The company claims to have resolved the issue, permanently deleted all compromised data, and taken steps to prevent future breaches.
- The crypto community criticized Tangem for a lack of transparency, inadequate communication, and insufficient urgency in addressing the security vulnerability.
Cryptocurrency wallet provider Tangem has come under fire after resolving a critical vulnerability in its mobile app that exposed the private keys of certain users. The bug allowed private keys generated during wallet creation to be stored in email histories, putting them at risk of internal leaks.
The issue was first reported on December 29 in a Reddit post by user “u/areklanga”, who highlighted that private keys were being stored in the email histories of users, Tangem employees, and possibly within the company’s support tracking systems. The original post outlining the glitch was deleted, further fueling concerns about Tangem’s transparency.
Tangem’s Response: Effective or Insufficient?
On December 30, Tangem publicly acknowledged the issue and explained that the vulnerability stemmed from an error in the app’s log processing system. According to the company, the issue affected only a small group of users who generated a seed phrase and immediately submitted a support request through the app.
Tangem stated that all logs and attachments sent to its support team had been permanently deleted and assured users that the bug had been fully resolved. The company also urged all users to update their mobile apps to prevent any future risks.
However, this response has not satisfied the crypto community. Many users criticized Tangem for failing to release announcements on its official channels, such as Twitter or Telegram, and perceived the company’s reaction as lacking urgency and transparency.
Lessons on Crypto Security
This incident highlights the importance of thoroughly assessing the security measures of any cryptocurrency platform. While Tangem has stated that the issue is resolved, users are advised to update their apps immediately and, if necessary, generate new seed phrases to ensure the safety of their digital assets.
The Tangem case underscores the delicate balance between trust and transparency in the crypto ecosystem, where data security is crucial to protecting investors’ funds.
