Tangem Wallet Fixes Security Glitch That Exposed User Private Keys via Email

Cryptocurrency wallet provider Tangem has resolved a significant security vulnerability that inadvertently exposed some users' private keys through email communications. The issue, discovered by users on Reddit, raised concerns about the safety of funds stored in Tangem wallets and led to criticism of the company's delayed response to the discovery.


On December 29, a Reddit thread discussing Tangem’s security practices gained attention when a user, identified as u/areklanga, claimed that the wallet provider’s mobile app was logging private keys and sending them via email. This exposure meant that private keys, crucial for accessing user wallets, could be found in email histories and could potentially be accessed by Tangem support staff.


The Redditor described the situation as highly alarming: “User private keys remain in both user email history, Tangem email history, and perhaps in some Tangem ticket tracking system, which makes all Tangem users compromised,” they wrote. The post also noted that a previous Reddit discussion about the bug had mysteriously been deleted, intensifying concerns within the community.


Tangem Issues Bug Fix but Faces Criticism for Delayed Response

Tangem quickly acknowledged the issue on December 30 and assured users that the vulnerability had been fully addressed. The company explained that the bug was tied to its app’s log processing system. Specifically, when a user created a wallet with a seed phrase, the private key was mistakenly logged in the app’s internal logs. These logs could then be accessed during interactions with Tangem’s support team, inadvertently exposing users’ private information.
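The failure described above is key material reaching an application log that is later attached to a support request. As an added example (not Tangem's code, and not from the article), the following Python sketch shows one defensive pattern: a logging filter that scrubs key-shaped and mnemonic-shaped strings before any handler writes them. The regex shapes, class names and sample values are assumptions made for the illustration.

```python
import logging
import re

# Assumed secret shapes (not taken from the article): a raw key as 64+ hex
# characters, optionally 0x-prefixed, and a mnemonic-like run of 12 to 24
# lowercase words of 3 to 8 letters. A production filter would check words
# against the real wordlist instead of this heuristic.
HEX_KEY = re.compile(r"\b(?:0x)?[0-9a-fA-F]{64,}\b")
MNEMONIC = re.compile(r"\b(?:[a-z]{3,8} ){11,23}[a-z]{3,8}\b")

def scrub(text):
    """Replace key-shaped and mnemonic-shaped substrings with markers."""
    text = HEX_KEY.sub("[REDACTED_KEY]", text)
    return MNEMONIC.sub("[REDACTED_MNEMONIC]", text)

class SecretScrubFilter(logging.Filter):
    """Scrub the fully formatted message so %-style args are covered too."""
    def filter(self, record):
        record.msg = scrub(record.getMessage())
        record.args = None
        return True

class ListHandler(logging.Handler):
    """In-memory sink standing in for the log file a support form attaches."""
    def __init__(self):
        super().__init__()
        self.lines = []
    def emit(self, record):
        self.lines.append(self.format(record))

def build_logger(name="wallet-demo"):
    handler = ListHandler()
    handler.addFilter(SecretScrubFilter())  # applies to every record it emits
    logger = logging.getLogger(name)
    logger.handlers = [handler]
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    return logger, handler

# Constructed sample values, not real key material.
FAKE_KEY = "ab" * 32
FAKE_PHRASE = ("alpha bravo charlie delta echo foxtrot golf hotel "
               "india juliet kilo lima")

if __name__ == "__main__":
    log, sink = build_logger()
    log.debug("wallet created, key=%s", FAKE_KEY)
    log.debug("imported phrase: %s", FAKE_PHRASE)
    print("\n".join(sink.lines))
```

Exception text attached through `exc_info` is formatted by the handler after filtering, so it is not covered by this filter and needs its own scrubbing in the formatter.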


The company emphasized that all logs and attachments sent to the support team had been permanently deleted to prevent any residual data from remaining accessible. Tangem also noted that the bug had affected only a small subset of users—those who generated a seed phrase and immediately submitted a support request via the app.


Despite the swift fix, many in the crypto community criticized Tangem for not providing a more transparent and urgent response. The company did not issue any public statement on its social media platforms—such as Twitter, Discord, or Telegram—nor did it immediately respond to inquiries from news outlets, including Cointelegraph, about the issue.


A Small Group Affected, According to Tangem

In its official response, Tangem emphasized that the bug affected a “very limited group of users.” According to the company, only those who generated a seed phrase and then submitted a support request immediately after creating their wallet were at risk. These users have been proactively contacted by Tangem for precautionary measures and support.


However, the muted reaction to the security breach has raised eyebrows. Some in the crypto community feel the company downplayed the severity of the issue, given that users' private keys—central to their wallet security—were exposed to potential access by support staff. This has led to calls for greater transparency and more robust communication from Tangem moving forward.


Recommendations for Tangem Users

Tangem has issued an update to its mobile application, which fixes the bug and prevents further exposure of private keys. The company has advised all users to immediately update their apps to protect against potential future leaks.


While the company worked to address the issue, the incident highlights the risks inherent in the rapidly evolving world of cryptocurrency and the importance of robust security measures. Users are advised to exercise caution and ensure that their wallets are properly secured to avoid potential threats to their funds.


Despite the resolution of the bug, the incident serves as a reminder of the critical need for crypto wallet providers to remain vigilant about security and transparent with their user base when vulnerabilities are discovered.
