Cryptocurrency wallet provider Tangem recently addressed a serious security flaw in its mobile application, which inadvertently collected users’ private keys via emails. The company announced that the bug in the app’s log processing, which exposed private keys, has now been fixed.
The issue came to light following active discussions on Reddit, where users expressed concern that Tangem had compromised investors’ funds. These discussions accused the wallet provider of failing to appropriately address the vulnerability when it was first identified. One user alleged that private keys had been logged in user emails, Tangem’s email system, and possibly a ticket tracking system, making them accessible to Tangem employees.
On December 30, Tangem acknowledged the bug and explained it originated from an oversight in the app’s logging process, which mistakenly recorded private keys during wallet creation. This log data was accessible to support staff, raising concerns about unauthorized access. Following the discovery, all logs and attachments sent to support teams were erased to ensure no lingering data remained.
Tangem clarified that the bug impacted only a small group of users, specifically those who generated a seed phrase and subsequently submitted a support request through the app. Despite the issue’s resolution and the update implemented to prevent further leaks, the crypto community criticized Tangem’s subdued response to the situation. The lack of announcements on Tangem’s official social media channels by December 31 further fueled dissatisfaction.
Tangem has proactively contacted the affected users to provide necessary support and safety measures. In the meantime, the company has urged all users to update their mobile applications immediately to safeguard against potential seed phrase leaks.