ATTENTION TO ANYONE THAT IMPORTED A SEEDPHRASE AS WELL (NOT JUST GENERATED ON YOUR APPLICATION!!!!!!!)
Tangem provided some more info:
The only method there was a possibility to be a part of this issue is if TWO actions were done simultaneously, and ONLY in that scenario.
1. If you made a seedphrase or imported a seedphrase
2. If you then emailed support direct from the app, and generated logs.
But was there a log that contained the key and seed in the phone? And if so, how long and why was this not brought to light sooner?
They say in the specific scenario of when you mailed support after generating or importing the seed. But I think you're right as it would make sense for it to be held in the log for the "7 days" they mention... I don't know how long, I worry it was since they brought this whole seed feature in. I don't know. Only Tangem can tell us. Great questions, hopefully if they see this video and comment section they can address these questions.
"Logs are only kept on your device for a short time before they're deleted, keeping your data secure." So would that mean if your seed and key is stored outside and in the app even if it's a short time once you create or import your seed in the Tangem app?
Yes so I asked Tangem this in the video - as that would mean it could be extracted. Let’s hope they respond.
I have the old Tangem card 1.0 with seedless solution. From what I heard I don't need to stress too much about it. I use the card system Tangem suggested as a backup.
Yes, Tangem said Seedless wasn’t affected and 1.0 only had the seedless firmware.
Another update from Tangem:
**Updates**
The recent issue occurred due to a combination of factors. One significant factor was the use of legacy code written before Tangem Wallet implemented seed phrases. While this code was considered secure at the time, its reuse in a modern context introduced a vulnerability. Unfortunately, because this legacy code had been previously reviewed, it passed our standard review processes without raising concerns.
**Completed Improvements to Prevent Future Issues**
To ensure such issues do not occur again, we have implemented the following measures:
**- Legacy Code Audit:** A comprehensive audit of all legacy code has been completed to ensure its compatibility with current security standards. This ensures that all older components meet modern requirements.
**- Enhanced Security Reviews:** Our security review processes now include a dedicated focus on legacy components, ensuring that they are reviewed with the same level of rigor as newly written code.
**- Automated Regression Testing:** We have integrated additional automated tests designed to detect potential regressions or issues related to legacy code. These tests are now a routine part of our quality assurance process.
These measures are now fully operational and form a key part of our development lifecycle, further strengthening the security and reliability of Tangem Wallet.
**Tangem Implements Advanced Development Standards**
At Tangem, we adhere to the most advanced standards in application development, prioritizing security, reliability, and innovation at every stage of the process.
**Unit Testing for Reliability**
Unit testing is one of the cornerstones of our development process. It allows us to isolate individual components of the application and rigorously test their behavior under various conditions. This ensures that each piece of functionality operates as intended and reduces the likelihood of errors propagating into the final product.
**Cross-Code Review for Quality Assurance**
Cross-code reviews ensure that every piece of code is examined by multiple developers. This collaborative process not only helps identify potential vulnerabilities or logic errors but also promotes knowledge sharing among team members, resulting in higher-quality and more secure code.
**Security Review Process**
We have implemented a Security Review process to ensure that all new code and changes comply with best practices in cybersecurity. This reduces the risk of vulnerabilities being introduced during development and ensures Tangem applications meet the highest security standards.
**Static Code Analysis for Early Detection**
We also rely on static code analysis tools to automatically review the codebase for potential issues. These tools help detect patterns or structures that might lead to security vulnerabilities, performance bottlenecks, or maintainability concerns, allowing us to address them early in the development cycle.
**Internal, Alpha, and Beta Testing**
Every release undergoes multiple rounds of rigorous testing, including internal testing by our developers, alpha testing with select internal users, and beta testing by a broader group of early adopters. This comprehensive testing pipeline helps identify and fix issues before the application is made widely available.
**Training and Education for Employees**
At Tangem, we invest in the continuous training and education of our employees. Regular security training sessions ensure that our team remains up to date on modern threats, secure coding practices, and the latest technologies to safeguard our products.
**Open Source and Community Collaboration**
Tangem’s codebase is open-source, ensuring full transparency and inviting contributions from the broader community. Developers, security researchers, and enthusiasts around the world have access to our code, allowing them to review, suggest improvements, and flag potential vulnerabilities. This open collaboration helps us maintain a robust and secure product.
**Bug Bounty Program for Enhanced Security**
In addition to being open-source, Tangem runs a Bug Bounty Program, encouraging ethical hackers and security experts to find and report vulnerabilities in our applications. This proactive approach enables us to address potential issues quickly and rewards contributors who help improve the security of Tangem’s products. It is a vital layer of defense that complements our internal processes and fosters community engagement.
**Proactive Issue Resolution**
**Rapid Response Mechanism**
Tangem has a well-defined and efficient process for addressing issues as they arise. Our team prioritizes rapid investigation and resolution of any vulnerabilities or errors, ensuring that fixes are developed, tested, and deployed as quickly as possible.
**Transparency with Users**
In the event of any detected issues, Tangem is committed to full transparency with its users. We promptly communicate the details of the issue, its impact, and provide clear instructions or recommendations to ensure user safety. This approach builds trust and demonstrates our dedication to security.
**Please read this article for all further updates and communication on this**
Tangem has identified and promptly resolved a potential security vulnerability affecting a small percentage of wallet users. After a thorough investigation, we can confirm that no private keys were compromised, no user funds were lost, and no accounts were accessed. The issue was identified proactively, and only a very small group of users - fewer than 0.1% - could be potentially impacted under very specific circumstances.
**More: tangem.com/en/blog/post/tangem-resolves-log-issue/**
This issue has been resolved, as far as I'm aware. The reason you would create a seed phrase is if your cards fail or you lose them or you get locked out; without your seed phrase you lose all your crypto - you would be stupid not to have a seed phrase tbh.
Correct, the issue is resolved. I agree with having a seed phrase but I disagree with generating a seed or importing a seed to a device with WiFi or a mobile/desktop. Seed phrases should only be used with devices which are specially made where you can input or generate on the hardware device itself. Not a device that can get potential viruses. If you browse around my channel you’ll see I make content regarding stuff like this ❤️ I appreciate your comment and thank you very much for watching. Do consider subscribing if you enjoy ☺️
@JBINZALA I have updated my comment. Congratulations, good first video, keep up the good work.
Thanks, I’ve updated mine too! Appreciate your comment ❤️⚡️
Keep eating friend
You buying me dinner? Thanks