A security flaw in Tangem, a cryptocurrency wallet provider, raised concerns among users as private keys were being logged and sent to email accounts.
Tangem addressed the issue publicly on December 31, stating, "What was the issue? When creating a wallet with a seed phrase, the private key was mistakenly logged in the application’s logs. These logs could later be accessed during interactions with our support team".
The company reassured users that the bug had been resolved and stated that all related logs and attachments had been permanently deleted to ensure no data remained.
Did you know?
Subscribe - We publish new crypto explainer videos every week!
What is a Bitcoin & How Does it work? (Animated Explainer)
Tangem also began contacting the affected users to provide support and guidance.
On December 29, a Reddit user highlighted that the app's logs included sensitive user data. These logs were accessible in email histories, which exposed private keys to Tangem staff and anyone with access to those accounts.
The user expressed frustration over Tangem’s lack of a clear response to the earlier warnings about this vulnerability. They also pointed out that an initial post on the issue had been removed without explanation.
Furthermore, critics argued that the company’s communication lacked transparency, especially since the app's official update log did not mention the details of the fix.
As Tangem addresses its security flaw, Clipper confirmed a withdrawal system glitch caused a $450,000 breach on December 1. How did the hack happen? Read the full story.
