According to Cointelegraph, Tangem has fixed a critical security vulnerability in its mobile application that collected certain users' private keys via email.
On December 29, discussions on Reddit about Tangem accused the wallet provider of stealing private keys via email. User u/areklanga accused Tangem of not responding reasonably to the issue.
On December 30, Tangem acknowledged that the issue stemmed from a bug in the application log processing and stated that it has been fully resolved. All logs and attachments sent to the support team have been permanently deleted.
The vulnerability affected a small number of users, and Tangem is actively contacting them to provide support. All users are advised to update the application immediately to avoid private key leakage.