Tangem Addresses Security Flaw After Community Backlash
Crypto wallet provider Tangem recently discovered an important issue Safety There was a risk with its mobile app, which inadvertently collected users’ private keys during email interactions.
This fix follows multiple warnings from members who expressed concerns about potential security risks. They said users’ private keys were collected through email interactions within the Tangem mobile app.
tango Users face serious security risks
On December 29, a discussion on Reddit highlighted a potential security flaw tanjim’s wallet. User reveals private key is stored in email history, It’s possible to expose them To Tangem employees.
A Reddit user named “u/areklanga” exposed the vulnerability on the forum, sparking community concern.
“As a result, the user’s private key remains in the user’s email history, Tangem email history, and perhaps some Tangem ticket tracking systems, and is available to Tangem employees. This leaves all Tangem users compromised, “The user explain.
Users also pointed out that the original Reddit post detailing the glitch was mysteriously deleted, raising doubts about Tangem’s initial reaction. Once these concerns were confirmed, users flooded Tangem employees and support staff with emails.
Meanwhile, on December 30, Tangem acknowledged the issue and attributed it to a bug in the mobile app’s log handling functionality. They issued a statement confirming that they had “fully resolved” the bug.
“When creating a wallet using a mnemonic phrase, the private key was incorrectly recorded in the application logs. These logs could later be accessed when interacting with our support team,” Tangem explain In a statement on Reddit.
Tangem clarified that the impact of the bug was limited. It only affects the following users Generate seed phrase and raise a support request immediately. It also added that Tangem deleted all logs received by the support team.
Users accuse Tangem of downplaying the situation
When Tangem quickly Resolved the vulnerabilityAfterwards, some members of the crypto community expressed concerns about the company’s communication strategy. Specifically, they criticized lack of public announcement Regarding the leak on Tangem’s official social media platform.
“I’m frustrated that Tangem is downplaying the scope of this campaign. While they claim only a “very small number of users” sent emails with keys, how many users wrote the keys in plain text to their phone’s log files? explain A Reddit user.
As of press time on December 31, Tangem has not released any official announcement. About security risks on its social media channels.
Tangem recommends all users to immediately update their mobile applications to the latest version to reduce potential risks related to vulnerabilities.
Disclaimer
follow trust project BeInCrypto is committed to fair and transparent reporting. This news article is designed to provide accurate and timely information. However, readers are advised to independently verify the facts and consult a professional before making any decisions based on the content of this article. Please note that our terms and Conditions, privacy policyand Disclaimer Updated.
