Tangem, a crypto wallet provider, recently resolved a significant security flaw spotlighted in its mobile app. This vulnerability could compromise users’ private keys through email exposure. 

The issue came to light following Reddit discussions, where users voiced concerns about the potential risk to their funds. This came after Clipper, a decentralized exchange (DEX), revealed that a vulnerability in its withdrawal function led to the recent $450,000 hack.

The Discovery: Reddit Turns into the Watchdog

It all began on December 29 when a Reddit user spotted a vulnerability within Tangem’s app. According to the post, private keys were logged in emails and might even be accessible to Tangem employees. 

The discovery created an uproar in the Reddit community, with users expressing frustration over the security risk. What made the situation even worse was that an earlier Reddit post discussing the issue mysteriously disappeared. 

This raised suspicions that Tangem was attempting to conceal the issue, sparking a wave of comments as users demanded answers from the company.

How Tangem Accidentally Exposed Users’ Private Keys

The issue arose from a glitch in Tangem’s log processing system. This affected users who created wallets with seed phrases and contacted customer support. This has caused certain users’ private keys to be briefly stored in email histories.

Users without seed phrases were unaffected. This was because their private keys are securely generated on Tangem’s hardware cards and cannot be accessed. While fewer than 0.1% of users were impacted, the incident still damaged Tangem’s reputation despite no funds being lost or compromised.

In 2024, the crypto industry faced many security breaches, with hackers stealing approximately $1.49 billion in digital assets. A major incident occurred in July 2024 when the WazirX exchange was hacked. This resulted in the theft of around $234.9 million.

Additionally, compromised private keys emerged as the leading cause of crypto thefts. It accounted for 43.8% of the total losses from January to November 2024. These incidents highlight the ongoing challenges in securing digital assets and the critical importance of robust security measures within the crypto sector.

Tangem Restores Users’ Confidence with a Quick Fix

On December 30, Tangem quickly acknowledged the issue and assured users it was fixed. However, many users felt the lack of immediate communication raised more concerns than it resolved.

Tangem deleted all sensitive logs and attachments sent to its support team to rebuild trust. They also released an app update to prevent future logging of private keys. Tangem promised to contact affected users with instructions on securing their accounts. 

All users were urged to update to the latest version, which includes enhanced security features. The company also highlighted its bug bounty program, rewarding ethical hackers who find vulnerabilities and showing its commitment to improving user security.

The post Tangem Wallet Faces Backlash Over Private Key Leak appeared first on TheCoinrise.com.