Loading Ratings...
Tangem has resolved a critical security vulnerability in its mobile app that exposed private keys of users during interactions with support.
Author: Sahil Thakur
Written On: Thu, 02 Jan 2025 07:02:52 GMT
Cryptocurrency wallet provider Tangem has resolved a critical security vulnerability in its mobile app that exposed private keys of certain users during email interactions with support. The issue came to light following community concerns and a detailed Reddit discussion on December 29.
A Reddit user, âu/areklanga,â revealed that Tangemâs app logged private keys in its internal system and email communications. This process potentially allowed Tangem employees to access sensitive user information. âUser private keys remain in both user email history, Tangem email history, and perhaps in some Tangem ticket tracking system,â the user stated.
The issue caused an uproar in the crypto community, as it highlighted the risk of exposing private keys, which could compromise wallet security.
On December 30, Tangem acknowledged the vulnerability, attributing it to a bug in the appâs log processing function. In a statement shared on Reddit, the company explained, âWhen creating a wallet with a seed phrase, the private key was mistakenly logged in the applicationâs logs. These logs could later be accessed during interactions with our support team.â
Tangem confirmed that the bug affected fewer than 0.1% of users under specific conditions. Only those who activated wallets with a seed phrase and contacted support within seven days were potentially at risk. The company assured users that no funds were lost and no unauthorized account access occurred.
Tangem has resolved the issue and deleted all logs received by its support team. Additionally, the company implemented the following measures:
Tangem advised all users to update their mobile apps immediately to mitigate any potential risks.
Despite addressing the bug, Tangem faced criticism for its communication strategy. Community members expressed frustration over the lack of public announcements on social media platforms like Twitter, Discord, and Telegram.
Some accused the company of downplaying the severity of the issue. âWhile they claim that only a âvery small group of usersâ was affected, how many users had their keys written in plain text to their phones?â one Redditor questioned.
Tangem has pledged greater transparency and stronger security measures moving forward. However, the incident underscores the importance of robust security practices in the cryptocurrency space, where the loss of private keys can have severe consequences.
Users are encouraged to stay updated on security developments and ensure their apps are running the latest versions.
Real voices. Real reactions.
Add your reaction to this story:
Our Crypto Talk is committed to unbiased, transparent, and true reporting to the best of our knowledge. This news article aims to provide accurate information in a timely manner. However, we advise the readers to verify facts independently and consult a professional before making any decisions based on the content since our sources could be wrong too. Check our Terms and conditions for more info.
Quant Network Launches Quant Fusion for Interoperability
Kadena Launches Chainweb EVM Testnet with Over 50 Projects Committed
South Korea Suspends CBDC Tests as Banks Shift Focus to Stablecoins
Avalanche Sees Transaction Surge as Gas Fees Collapse After Etna and Octane Upgrades
Quant Network Launches Quant Fusion for Interoperability
Kadena Launches Chainweb EVM Testnet with Over 50 Projects Committed
South Korea Suspends CBDC Tests as Banks Shift Focus to Stablecoins
Avalanche Sees Transaction Surge as Gas Fees Collapse After Etna and Octane Upgrades
