Tangem Fixes Critical Bug Exposing User Seed Phrases Through Email

Update (Dec. 31, 12:40 pm UTC)

This article has been updated to include Tangem’s statement to Cointelegraph on the security vulnerability, the fix, and its handling of the situation.

A Critical Security Vulnerability Exposed Private Keys via Emails

Cryptocurrency wallet provider Tangem has fixed a critical security vulnerability in its mobile app that collected certain users’ private keys via emails. The fix came after Redditors repeatedly called out Tangem for putting investors’ funds at risk by exposing their private keys on email accounts and to Tangem employees.

The Incident Unfolds

On Dec. 29, a Reddit discussion on Tangem’s operations gained traction; it claimed the wallet provider allowed private keys to remain on email histories. The Redditor, u/areklanga, added that Tangem had not provided a ‘sensible reaction’ when the issue was pointed out earlier.

"So, user private keys remain in both user email history, Tangem email history, and perhaps in some Tangem ticket tracking system and are available for Tangem employees. Which makes all Tangem users compromised."

They also claimed that the original Reddit post mentioning the glitch ‘was deleted for some reason.’

Tangem Acknowledges the Issue and Provides a Breakdown

Tangem issued a timely bug fix, acknowledging the issue on Dec. 30 and stating that the incident arose from a bug in the mobile app’s log processing, which had been ‘fully resolved.’ Tangem also provided a breakdown of the situation:

"What was the issue? When creating a wallet with a seed phrase, the private key was mistakenly logged in the application’s logs. These logs could later be accessed during interactions with our support team."
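
The failure described here, key material written to application logs that are later attached to a support request, can be guarded against at the export step. The following is an added example, not Tangem's code or its fix: a scrubber run over log lines before they leave the device. The function names, patterns and sample log lines are constructed for illustration, and the seed-phrase pattern is a heuristic rather than a BIP-39 wordlist lookup.

```python
import re

# 64 hex characters = a 256-bit private key, with an optional 0x prefix.
HEX_KEY = re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b")
# Heuristic (assumption): BIP-39 words are lowercase and 3-8 letters long, and
# phrases have at least 12 words, so redact any such run of 12 or more.
WORD_RUN = re.compile(r"\b[a-z]{3,8}(?: [a-z]{3,8}){11,}\b")

def scrub_line(line):
    """Return (redacted_line, kinds_found) for one log line."""
    found = []

    def mark(kind):
        def repl(_match):
            found.append(kind)
            return f"[REDACTED {kind}]"
        return repl

    line = HEX_KEY.sub(mark("private-key"), line)
    line = WORD_RUN.sub(mark("seed-phrase"), line)
    return line, found

def build_support_bundle(log_lines):
    """Scrub every line before it is attached to a support request."""
    bundle, report = [], []
    for number, line in enumerate(log_lines, start=1):
        clean, kinds = scrub_line(line)
        bundle.append(clean)
        report.extend((number, kind) for kind in kinds)
    return bundle, report

# Constructed sample log; the phrase and key are made-up test values.
SAMPLE_LOG = [
    "2000-01-01T00:00:01Z INFO wallet: creating wallet from generated seed phrase",
    "2000-01-01T00:00:01Z DEBUG wallet: mnemonic=abandon ability able about above "
    "absent absorb abstract absurd abuse access accident",
    "2000-01-01T00:00:02Z DEBUG wallet: derived key=" + "ab12" * 16,
    "2000-01-01T00:05:40Z INFO support: user opened support request",
]

if __name__ == "__main__":
    bundle, report = build_support_bundle(SAMPLE_LOG)
    print("\n".join(bundle))
    print("redactions (line, kind):", report)
```

A non-empty report is also a signal that the logging call itself needs fixing, since scrubbing at export only limits what leaves the device.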

Tangem got a new update on Dec. 30. Source: Google Play

The Affected Users

According to the company’s Reddit post, the bug affected a small group of users, who are being contacted proactively as a precaution and offered support:

"It could have affected a very limited group of users: specifically, those who used a generated seedphrase, then immediately submitted a support request through the app. It does not affect any other users."

In a statement sent to Cointelegraph, Tangem confirmed that the vulnerability was limited to fewer than 0.1% of users under specific circumstances:

Only users who activated wallets with a seed phrase and contacted support within seven days of activation were potentially affected. Users without seed phrases or those who did not reach out to support through the app were unaffected.

Tangem’s Response

"No private keys were compromised, no user funds were lost, and no unauthorized account access occurred," Tangem said in the statement, addressing concerns raised by the crypto community.

Tangem’s official website, which logs all version updates of its mobile application, did not mention the details about the Dec. 30 update at the time of publication.

Tangem also confirmed in its Reddit response that ‘all logs and attachments sent to its support team were permanently deleted, ensuring no residual data remains.’

Tangem Accused of Downplaying the Situation

While Tangem pushed out an update on Dec. 30 to prevent further leaks of seed phrases, some crypto community members called out the wallet provider’s muted response. However, Tangem told Cointelegraph that it had communicated directly with affected users and handled the issue transparently.

Tangem had not made any announcements on its social media channels, Twitter, Discord or Telegram, at the time of publication on Dec. 31. However, all Tangem users are advised to immediately update their mobile applications to avoid potential seed phrase leaks.

Additional Measures Implemented by Tangem

In response to the issue, Tangem told Cointelegraph it has implemented several additional measures, including:

  • Enhanced security protocols
  • A proactive outreach program to notify affected users with clear instructions and support
  • A bug bounty program to identify vulnerabilities in exchange for rewards

Conclusion

Tangem’s prompt response to the critical security vulnerability is a testament to its commitment to user safety. The wallet provider’s actions demonstrate a proactive approach to addressing potential issues, ensuring that users’ private keys remain secure.

By prioritizing transparency and communication, Tangem has maintained the trust of its users and the crypto community as a whole. This incident serves as a reminder of the importance of vigilance in the face of emerging technologies and the need for continued innovation in security measures.

What’s Next?

As the cryptocurrency landscape continues to evolve, it is crucial for wallet providers like Tangem to remain vigilant and adapt to new challenges. By staying ahead of potential threats and investing in robust security protocols, these companies can ensure a secure and reliable experience for their users.

In this ever-changing environment, one thing remains constant: the importance of trust between users and service providers. Tangem’s handling of the recent security vulnerability is a shining example of how proactive communication and transparency can foster this trust.

By following in Tangem’s footsteps, other wallet providers can learn from this incident and strengthen their own security measures, ultimately creating a safer and more secure space for all users.

The cryptocurrency community will continue to evolve, and it’s essential that we prioritize the development of robust security protocols and proactive communication strategies. By working together, we can create a future where users feel confident in storing and transacting with their digital assets.

Stay Informed

To stay up-to-date on the latest developments in the cryptocurrency space, follow reputable sources such as CoinDesk, Coindance, and The Block. These platforms provide in-depth analysis and breaking news on emerging trends and technologies shaping the industry.

By staying informed and engaged, you can make informed decisions about your investments and take advantage of new opportunities that arise. Whether you’re a seasoned investor or just starting out, being aware of the latest developments will empower you to navigate this exciting landscape with confidence.

Get Involved

If you have a passion for cryptocurrency and a desire to contribute to its growth, consider joining online forums like Reddit’s r/CryptoCurrency or participating in local meetups. These communities offer valuable resources for learning about new technologies and connecting with like-minded individuals who share your enthusiasm.

By engaging with the community and sharing your expertise, you can help shape the future of cryptocurrency and create a more secure and accessible space for all users.

In conclusion, Tangem’s response to the critical security vulnerability serves as a shining example of proactive communication and transparency in the face of emerging challenges. By prioritizing user safety and investing in robust security protocols, wallet providers like Tangem can foster trust and confidence within the cryptocurrency community.

As we look to the future, it is essential that we prioritize continued innovation in security measures and stay vigilant against potential threats. By working together, we can create a secure and reliable space for all users to store and transact with their digital assets.

Stay informed, get involved, and join the conversation. Together, we can shape the future of cryptocurrency and make it accessible to everyone.