PANews reported on December 31, citing Cointelegraph, that cryptocurrency wallet provider Tangem recently fixed a major security vulnerability in its mobile application, which had inadvertently collected some users' private keys via email. Previously, a Reddit user raised concerns, pointing out that Tangem exposed users' private keys to email accounts and their employees, threatening the safety of investors' funds. User u/areklanga specifically noted that Tangem did not respond appropriately to the issue, and users' private keys may remain in multiple email histories and ticket tracking systems, posing a security threat to all Tangem users.
On December 30, Tangem acknowledged the issue and explained that it was a bug in the mobile application log handling, which has now been resolved. When creating wallets through the mnemonic, private keys were incorrectly logged in the application logs, which can be accessed when interacting with the support team. On the same day, Tangem released an application update, but the official website did not mention specific details. Tangem also confirmed that all logs and attachments sent to the support team have been permanently deleted to ensure no data residue.
Although Tangem stated that the vulnerability only affects a small number of users, some members of the crypto community are still dissatisfied with its low-key handling. As of December 31, Tangem has not released any relevant announcements on social media. To mitigate potential risks of private key leakage, all Tangem users are advised to immediately update their mobile applications.