Tangem fixes security flaw after backlash over private key exposure

Tangem, a crypto wallet provider, has addressed a security vulnerability in its mobile app that inadvertently collected users’ private keys during email interactions with support.

This issue, initially discovered by the community, led to criticism of Tangem’s response and raised concerns about the security of user data.

The problem came to light on December 29 when a Reddit user, "u/areklanga," revealed that private keys were being stored in email histories, potentially exposing them to Tangem employees.

The user claimed that private keys remained accessible in both user and Tangem email histories, as well as in ticket tracking systems, making users’ assets vulnerable.

Tangem’s initial response was criticised, especially after the Reddit post outlining the issue was mysteriously deleted.

In response, users flooded the support team with inquiries.

On December 30, Tangem confirmed the issue and attributed it to a bug in the mobile app’s log processing function.

The company explained that when users generated a wallet using a seed phrase and immediately contacted support, the private key was mistakenly logged in the app’s logs.

These logs were then accessible during interactions with Tangem’s support team.

Tangem emphasised that the issue was limited to a small group of users who generated a wallet and contacted support right away.

The company also confirmed that all logs containing private keys had been deleted.

Despite the resolution, some members of the crypto community expressed frustration with Tangem’s communication strategy.

They criticised the company for not publicly addressing the issue on its official social media channels, leading to concerns about transparency.

Tangem has urged all users to update their mobile apps immediately to prevent any further security risks.