A critical security vulnerability was discovered in Tangem, the crypto wallet provider, exposing users’ private keys through emails, endangering investors’ funds.
The Nature of the Tangem Vulnerability
On December 29, a Reddit user accused Tangem of collecting private keys via emails. These keys were stored in the email history of users and Tangem’s ticket system, making them accessible to the company’s employees.
Problem Resolution and Security Measures
On December 30, Tangem acknowledged the issue, explaining that it stemmed from a bug in the application log processing system. Private keys generated during wallet creation were mistakenly recorded in logs accessible during support interactions. An update was released to fix this. Tangem assured users that all logs and attachments sent to support were permanently deleted, emphasizing that only the small portion of users who generated a recovery phrase and contacted support immediately could be affected.
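The class of bug described here, secrets written to a log that later travels to a support desk, is usually guarded against with a scrubbing step on the log sink itself. The following is an added illustration, not Tangem's code or its actual fix; the logger name, the function names and the matching heuristics are assumptions made for the example.

```python
import logging
import re

# A raw 256-bit private key: 64 hex characters, optionally 0x-prefixed.
# This also hits SHA-256 digests and transaction ids; over-redaction is accepted.
HEX_KEY = re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b")

# Heuristic for a recovery phrase: a run of 12 or more lowercase words of
# 3-8 letters (the length range of BIP-39 English words). No wordlist check,
# so ordinary prose can match too; failing closed is the safer error.
PHRASE = re.compile(r"\b[a-z]{3,8}(?:\s+[a-z]{3,8}){11,}\b")


def redact(text: str) -> str:
    """Replace key-like and phrase-like spans with fixed markers."""
    text = HEX_KEY.sub("[REDACTED-KEY]", text)
    return PHRASE.sub("[REDACTED-PHRASE]", text)


class SecretRedactingFilter(logging.Filter):
    """Scrub each record after %-formatting, so secrets passed as args are caught."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = None  # message is already formatted
        return True


def build_support_logger(path: str) -> logging.Logger:
    """Hypothetical setup: the file at `path` is what a user would attach to a ticket."""
    handler = logging.FileHandler(path)
    # Attach to the handler, not the logger, so records propagated from
    # child loggers are scrubbed as well.
    handler.addFilter(SecretRedactingFilter())
    logger = logging.getLogger("wallet.support")
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    return logger
```

Redaction at the sink is a backstop; the primary control is that wallet-creation code never passes key material to a logging call in the first place.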
Reaction and Security in the Crypto Industry
Despite the fix, Tangem faced criticism for lack of transparency. The crypto community criticized the company for not mentioning the vulnerability or its resolution on its official website and social media. However, Tangem urged all users to update their mobile apps immediately. This incident highlights the importance of strong security measures in the crypto industry. Users must stay vigilant and ensure their applications are always up to date to avoid such vulnerabilities.
The Tangem vulnerability raises questions about security and transparency in the crypto industry. Users should exercise caution and regularly update their applications to safeguard their funds.