According to PANews on December 31, Cointelegraph reported that cryptocurrency wallet service provider Tangem recently fixed a major security vulnerability in its mobile application, which had caused some users' private keys to be inadvertently collected via email. Previously, Reddit users raised concerns, pointing out that Tangem exposed users' private keys to email accounts and its employees, threatening the security of investors' funds. User u/areklanga specifically noted that Tangem did not respond appropriately to the issue, and that users' private keys could remain in various email histories and ticket tracking systems, posing a security threat to all Tangem users.
On December 30, Tangem acknowledged the issue and explained that it was a bug in the mobile application log handling, which has now been resolved. When creating a wallet via mnemonic phrases, the private key was incorrectly logged in the application logs, which could be accessed during interactions with the support team. On the same day, Tangem released an application update, but the official website did not mention specific details. Tangem also confirmed that all logs and attachments sent to the support team have been permanently deleted to ensure no data remains.
Although Tangem claims that the vulnerability only affects a small number of users, some members of the cryptocurrency community remain dissatisfied with its low-key handling. As of December 31, Tangem has not issued any relevant announcements on social media. To prevent potential risks of private key leakage, all Tangem users are advised to update their mobile applications immediately.