Update (Dec. 31, 12:40 pm UTC): This article has been updated to include Tangem’s statement to Cointelegraph on the security vulnerability, the fix, and its handling of the situation.
Wallet provider Tangem has fixed a critical security vulnerability in its mobile app. The flaw allowed certain users’ private keys to be collected via emails, putting investors’ funds at risk.
Background on the Security Vulnerability
On December 29, a Reddit discussion gained traction regarding Tangem’s operations. A Redditor, u/areklanga, claimed that Tangem allowed private keys to remain in both user email histories and Tangem’s email history. The Redditor also stated that Tangem employees had access to these private keys, making all Tangem users vulnerable.
Key Details on the Vulnerability
- Private Keys Exposed: Private keys were mistakenly logged in the application’s logs.
- Access by Support Team: These logs could later be accessed during interactions with Tangem’s support team.
- Limited User Impact: The bug affected a small group of users, specifically those who used a generated seed phrase and contacted support within seven days of activation.
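One defensive control for the failure mode described above, where key material written to application logs later reaches a support channel, is a logging filter plus an export-time scrubber that redacts key-shaped and seed-phrase-shaped strings. This is an added example, not Tangem's code or its fix; the regex heuristics, field names and sample log lines are assumptions constructed for illustration.

```python
import logging
import re

# 64+ hex chars (optionally 0x-prefixed): the shape of a raw 256-bit key.
# Also matches SHA-256 digests and tx ids; over-redaction is the safe side.
HEX_KEY = re.compile(r"\b(?:0x)?[0-9a-fA-F]{64,}\b")
# Heuristic (assumption, no wordlist check): 12+ consecutive lowercase words
# of 3-8 letters, the length range of BIP-39 English words.
MNEMONIC = re.compile(r"\b[a-z]{3,8}(?:\s+[a-z]{3,8}){11,}\b")
# Hypothetical attribute names an app might attach via logging's `extra=`.
SENSITIVE_FIELDS = {"private_key", "seed", "seed_phrase", "mnemonic"}


def scrub(text: str) -> str:
    """Replace key-shaped and mnemonic-shaped substrings with placeholders."""
    text = HEX_KEY.sub("[REDACTED-KEY]", text)
    return MNEMONIC.sub("[REDACTED-MNEMONIC]", text)


class SecretRedactingFilter(logging.Filter):
    """Scrub each record before any handler (file, support export) sees it."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Render first so secrets passed as %-style args are caught too.
        record.msg = scrub(record.getMessage())
        record.args = None
        for name in SENSITIVE_FIELDS & set(vars(record)):
            setattr(record, name, "[REDACTED]")
        return True


def build_support_bundle(lines):
    """Second line of defence: scrub stored lines again at export time."""
    return [scrub(line) for line in lines]


# Constructed sample log. The mnemonic is the public BIP-39 test vector for
# all-zero entropy and the key is a dummy value; neither guards any funds.
SAMPLE_LOG = [
    "10:01:02 INFO card scan ok, firmware check passed in 120 ms",
    "10:01:05 DEBUG wallet created seed=abandon abandon abandon abandon "
    "abandon abandon abandon abandon abandon abandon abandon about",
    "10:01:05 DEBUG derived key=0x" + "ab" * 32,
]

if __name__ == "__main__":
    for line in build_support_bundle(SAMPLE_LOG):
        print(line)
```

Pattern-based redaction is a backstop: the primary control is never passing key material to a logging call in the first place.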
Tangem’s Response to the Security Vulnerability
In response to the issue, Tangem acknowledged the security vulnerability on December 30. According to their statement:
"What was the issue? When creating a wallet with a seed phrase, the private key was mistakenly logged in the application’s logs. These logs could later be accessed during interactions with our support team."
Tangem also confirmed that no private keys were compromised, that no user funds were lost, and that no unauthorized account access occurred.
Steps Taken by Tangem to Address the Vulnerability
- Bug Fix: A timely bug fix was implemented to prevent further leaks of seed phrases.
- Enhanced Security Protocols: Additional measures have been put in place, including enhanced security protocols and a proactive outreach program to notify affected users with clear instructions and support.
Criticism of Tangem’s Response
While Tangem pushed out an update on December 30 to prevent further leaks of seed phrases, some members of the crypto community called out the wallet provider for downplaying the situation. However, Tangem told Cointelegraph that it had communicated directly with affected users and handled the issue transparently.
Additional Measures Implemented by Tangem
- Bug Bounty Program: A bug bounty program has been implemented to identify vulnerabilities in exchange for rewards.
- Proactive Outreach: Affected users are being contacted proactively, as a precaution and to offer support.
Conclusion
The recent security vulnerability in Tangem’s mobile app highlights the importance of prioritizing user data security. While the issue has been fixed, it is essential for wallet providers like Tangem to maintain transparency and communicate effectively with their users in such situations.