PANews reported on December 31 that according to Cointelegraph, Tangem, a cryptocurrency wallet service provider, recently fixed a major security vulnerability in its mobile app, which caused some users' private keys to be accidentally collected via email. Previously, Reddit users questioned this, pointing out that Tangem exposed users' private keys to email accounts and its employees, threatening the safety of investors' funds. User u/areklanga specifically pointed out that Tangem did not respond appropriately to the problem, and that users' private keys may be retained in multiple email histories and work order tracking systems, posing a security threat to all Tangem users.
On December 30, Tangem acknowledged the problem and explained that it was a bug in the log processing of the mobile application, which has now been resolved. When creating a wallet through a mnemonic phrase, the private key was mistakenly recorded in the application log, which can be accessed when interacting with the support team. On the same day, Tangem released an application update, but the official website did not mention the specific details. Tangem also confirmed that all logs and attachments sent to the support team have been permanently deleted to ensure that no data is left.
Although Tangem said the vulnerability only affected a small number of users, some members of the crypto community still expressed dissatisfaction with its low-key handling. As of December 31, Tangem has not published any related announcements on social media. To prevent the potential risk of private key leakage, all Tangem users are advised to update their mobile applications immediately.
