Tangem App Security Vulnerability: What Happened and What You Need to Do

In this video, I explain a security vulnerability that was recently discovered in the Tangem app code. Tangem identified and fixed a potential issue that affected a small group of users, where private keys were mistakenly logged in the app during wallet activation with a seed phrase.

Here’s what you need to know:

1️⃣ What Happened: A bug caused private keys to be logged in the app’s logs when a user activated a wallet with a seed phrase and contacted Tangem support within 7 days.

2️⃣ Who Was Affected: Only users who activated their wallet with a seed phrase and reached out to Tangem support in the first 7 days were potentially affected. If this wasn’t you, then you have nothing to worry about.

3️⃣ Tangem’s Response: The issue was quickly identified and resolved, and all logs have been deleted to ensure user security. Tangem released updates (app versions 5.19.1 and 5.19.2) and implemented additional security measures.

4️⃣ What Should You Do: If you think you might have been affected, update the Tangem app, transfer your funds to another wallet, and reset your wallet to factory settings. I’ll walk you through all the necessary steps.

I also link to some helpful Reddit discussions where people have shared their reactions to this issue. However, I encourage you not to react with fear—do your own research and get all the facts before making any decisions.

TANGEM MAJOR SECURITY BUG DISCOVERED AND ACKNOWLEDGED BY TANGEM

IS TANGEM COMPROMISED? OR IS IT SCAM?

TANGEM REDDIT THREAD

TANGEM IDENTIFIES AND RESOLVES POTENTIAL VULNERABILITY


Connect with CryptoDad:
Reddit: u/thecryptodad

Interested in a video chat session to get your new wallet set up or restored? Or maybe you have a technical issue that you can't figure out. Or perhaps you just want a Q & A session. Shoot me an email and we can set something up!

💡 DISCLAIMER: This video is for educational purposes only and should not be considered financial advice. Always do your own research before investing in cryptocurrencies.
Comments

🔑 Key Takeaway: The Tangem app security issue has been resolved, and no funds were lost or private keys compromised. If you were affected, make sure to update the app and reset your wallet to ensure your funds are safe. Please don’t panic—do your research and follow the steps I outlined in the video! 👇

CryptoDad

How in the world could there be something in the code to email your seed to tech support in the first place? In which scenario would that be remotely needed? Calling it a bug is a big stretch... that's what happens if you trust something that is not completely open source.

MrIF-fw

To me, this is the best YouTube channel I subscribed to… It really is the most valuable information entire library. Thank You Rex❤

kexie

I will continue to use Tangem - seedless of course! Thanks for a clarifying video.


This is such a major oversight, users' private keys will be stored in the app log for a number of days before being wiped (apparently). This could be accessible to a hacker for that time frame, regardless of whether you've emailed support or not.

AlexBowmanEcomRanger

Great job getting this explained CryptoDad! As mentioned, the whole point of the Tangem, and what sold me, was NOT using seed phrase, so it blows my mind someone would use one.

bobbycarmichael

This confirms what I have always practiced. Spread your crypto in many seeds/devices/brands (at least 2 brands). It is more difficult to manage, but lazy people will get caught ...
But thinking that keeping a seed phrase safe on a paper is difficult and dangerous is also an act of laziness.

robbatayaki

Glad nobody lost crypto! I would always want a copy of my 12-24 words. I get that some people do not trust themselves.

gtcstorm

For a company that boasts about having two independent audit companies audit their wallet, either they are lying or those two companies are completely useless.

badsanta

@cryptodad It's really silly to call such an oversight a bug. This is just corporate damage control. They f-ed up by 1) recording the seed phrase in cleartext in a log, which just shows poor judgement and/or code review/QA practices, 2) uploading these logs w/o sanitizing them; it's common industry practice. The entire point of these h/w secure devices is to handle sensitive data carefully, which they have demonstrated they don't. Hence the Reddit panic.

desicoder

Bit off topic but congrats on 180k subs!

chullotm

I updated the app, and after I sent a message to support from the app, I got an email from them that I opened, but I didn't download some files that were there. After some hours I got an email from another email address (suspicious) that told me to update the app and afterwards contact support directly from the app. I went to the app support and there were a lot of codes there, a ready email just to send; I didn't send it. Am I in danger? My money is there.

bluetvsports

Thanks for the explanation. Your videos are always so clear and precise. Happy 2025!

cccollected

I knew there would be problems with Tangem. Seed phrase should never be generated on the app of a hardware wallet. It should be generated on the device itself and never transferred to the app. I think all move to the Keystone instead

klasykapolskiegohh

You said that the seed phrase was compromised. On Tangem web site they say the “private key” was compromised. Who is right? Are Seed phrase and private key the same?

az

Excellent video. Best I've seen on the topic.

scottjustin

I’m not going to panic over one security issue that has been resolved. Out of an abundance of caution I transferred my crypto off the card and did a factory reset. Anyone who used the seed phrase method should do this.

CJ-ulhm

Referring to 5:51 mins, so Tangem still stores all the backup phrases over at their side?

viperviperpiro

Y'all are fine you didn't contact support via app.
Only seed phrases are affected, before the fix.
Seedless is logged but is encrypted.
Anyways it should be used seedless as it was designed for.

numbased

Great analysis, thank you! I need some advice: I have a SafePal wallet with USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). What's the best way to send them to Binance?

AshlyFey