Tangem Wallet Fixes Email Glitch That Exposes User Seed Phrases

Journalist

Hassan Shittu

About Author

Hassan, a Cryptonews.com journalist with 6+ years of experience in Web3 journalism, brings deep knowledge across Crypto, Web3 Gaming, NFTs, and Play-to-Earn sectors. His work has appeared in…

Cryptocurrency wallet provider Tangem has addressed a critical security vulnerability in its mobile app that could have exposed certain users’ private keys via email.

The vulnerability was discovered after discussions on Reddit highlighted the risks to users’ funds. Redditors criticized Tangem for exposing the private keys to email accounts and making them accessible to its employees.

Tangem’s Wallet Vulnerability: What Happened?

On Dec. 29, a Reddit user, u/areklanga, raised the alarm, claiming Tangem had failed to address the issue promptly. They alleged that private keys were stored in email histories and possibly in Tangem’s internal systems.

The user further noted that an earlier Reddit post pointing out the problem was mysteriously deleted. Tangem acknowledged the flaw on Dec. 30 and released a bug fix to address the issue.

In a statement addressing the issue, Tangem assured its users that the problem had been fully resolved.

The company said,

“We sincerely appreciate your feedback regarding this issue and want to assure you that it has been fully resolved. At Tangem, we prioritize transparency, security, and trust, and we take matters like these extremely seriously.”

According to Tangem, the vulnerability stemmed from a bug in the app’s log processing system.

This flaw affected a limited group of users who created wallets using seed phrases and contacted the support team directly through the app.

These logs, which included private keys, were accessible for a short period before being deleted.

The company clarified that users who activated their wallets without seed phrases were unaffected, as their private keys are generated directly on Tangem’s hardware cards.

The company explained:

“Private keys do not exist with such setups, therefore they are unable to be extracted by anyone, not even Tangem.”

While the overall impact was minimal, affecting fewer than 0.1% of users, Tangem acknowledged the seriousness of the situation.

“We recognize the trust you place in Tangem, and we are fully committed to maintaining that trust by upholding the highest standards of security and transparency.”

Tangem Fixes Security Bug, Promises No Private Key Compromises

Tangem swiftly responded by identifying the bug, fixing it, and updating the app to ensure that private keys are no longer logged under any circumstances.
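A defensive pattern for the bug class described here, as an added example that is not Tangem's code or its actual fix: scrub a log export for mnemonic-like word runs and 64-character hex strings before it is attached to a support email. The patterns, function names and sample log lines are assumptions constructed for illustration.

```python
import re

# Heuristics (assumptions of this example): a BIP-39 mnemonic appears as a run
# of 12 or more space-separated lowercase words of 3 to 8 letters, and a raw
# private key as 64 hex characters. Both over-match on purpose: a lost
# transaction hash in a support log costs less than a leaked seed.
WORD_RUN = re.compile(r"\b[a-z]{3,8}(?: [a-z]{3,8}){11,}\b")
HEX_KEY = re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b")
PATTERNS = ((WORD_RUN, "[REDACTED-WORD-RUN]"), (HEX_KEY, "[REDACTED-HEX]"))


def redact_line(line):
    """Return (redacted_line, number_of_replacements)."""
    hits = 0
    for pattern, marker in PATTERNS:
        line, n = pattern.subn(marker, line)
        hits += n
    return line, hits


def sanitize_export(lines):
    """Redact every line of a log export; return (clean_lines, total_hits)."""
    clean, total = [], 0
    for line in lines:
        redacted, hits = redact_line(line)
        clean.append(redacted)
        total += hits
    return clean, total


def safe_to_attach(lines):
    """Final gate before the export leaves the device."""
    return not any(p.search(line) for line in lines for p, _ in PATTERNS)


# Constructed sample log. The mnemonic is the public BIP-39 test vector and
# the hex value is a dummy; neither protects any funds.
SAMPLE_LOG = [
    "2000-01-01 10:01:02 INFO wallet import started",
    "2000-01-01 10:01:03 DEBUG mnemonic=" + " ".join(["abandon"] * 11 + ["about"]),
    "2000-01-01 10:01:04 DEBUG derived key=0x" + "ab" * 32,
    "2000-01-01 10:01:05 INFO support request opened",
]

if __name__ == "__main__":
    clean, hits = sanitize_export(SAMPLE_LOG)
    print(f"{hits} redactions; safe to attach: {safe_to_attach(clean)}")
    print("\n".join(clean))
```

A scrubber like this is a backstop; the primary control is never writing seed or key material to the log in the first place.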

To further safeguard users, the company has permanently deleted all logs and attachments sent to its support team and implemented enhanced security protocols to prevent similar issues in the future.

Tangem is also reaching out directly to potentially affected users, providing clear instructions on securing their accounts.

The company is urging all users to update to the latest version of the Tangem app for optimal security.

Additionally, Tangem highlighted its active bug bounty program, which incentivizes security researchers and ethical hackers to identify system vulnerabilities.

Tangem reassured its community that no private keys were compromised, no funds were lost, and no unauthorized access occurred due to the bug.

Despite the fix, some crypto community members criticized Tangem for its lack of transparency.

As of Dec. 31, the company had not announced the issue on its social media platforms, including Twitter, Discord, or Telegram.