Tangem has fixed a critical security vulnerability in its mobile app that allowed it to collect some users’ private keys via email, Cointelegraph reported.
On Dec. 29, a discussion about Tangem on Reddit accused the wallet provider of stealing private keys via email. User u/areklanga accused Tangem of not responding appropriately to the issue.
Tangem acknowledged on December 30 that the problem stemmed from a bug in the application's log processing and said it had been fully resolved. All logs and attachments sent to the support team have been permanently deleted.
The vulnerability affects a small number of users, and Tangem is actively contacting them to provide support. All users are advised to update the application immediately to avoid private key exposure.