Tangem wallet collects user seed phrases via email
Cryptocurrency wallet provider Tangem patched a critical security vulnerability in its mobile app that collected certain users' private keys via email.
The fix came after Redditors repeatedly called out Tangem for putting investors' money at risk by exposing their private keys to email accounts and Tangem employees.
On December 29, a Reddit discussion on Tangem's operations gained a lot of attention; it said the wallet provider allows private keys to be stored in email histories. Redditor u/areklanga said Tangem didn't provide a “sensible response” when the issue was brought up earlier.
“Therefore, a user's private keys remain in both the user's email history, Tangem's email history, and possibly some Tangem ticket tracking system, and are available to Tangem employees. This leaves all Tangem users vulnerable.”
They also said that the original Reddit post that mentioned the bug was “deleted for some reason.”
Tangem released an update with the bug fix
Tangem acknowledged the issue on December 30 and said the incident was caused by a mobile app log processing error, which has been “fully resolved”. Tangem provided an overview of the situation:
“What was the matter? When creating a wallet with a seed phrase, the private key was entered into the application logs by mistake. These logs can be accessed by contacting our support team.”
Tangem's official website, which records all version updates of its mobile app, did not mention details about the December 30 update.
“All logs and attachments sent to the support team have been permanently deleted, confirming that there is no residual data,” Tangem said in a Reddit response.
Tangem accused of underestimating the situation
According to the company, the bug affected a small group of users, and it is actively contacting them with precautions and support.
“It could have affected a very limited group of users: specifically those who used a seed phrase and immediately submitted a support request through the app. It did not affect other users.”
While Tangem issued an update on December 30 to prevent further leaks, some members of the crypto community reacted to the wallet provider's muted response. Tangem did not immediately respond to Cointelegraph's request for comment.
Tangem has not made any announcements on its social media channels, Twitter, Discord or Telegram, since December 31. However, all Tangem users are advised to update their mobile app immediately to avoid seed phrase leaks.