🔑 Key Takeaway: The Tangem app security issue has been resolved, and no funds were lost or private keys compromised. If you were affected, make sure to update the app and reset your wallet to ensure your funds are safe. Please don’t panic-do your research and follow the steps I outlined in the video! 👇
Thanks, CD. Also, I am using trustwallet & noticed VTHO balance keeps dissappearing & reappearing when refreshing. I don't know if you are using Trustwallet, but I do have the latest update & if you heard anything about this? Again, thanks.
What should I do if I haven't been effected at all nor have I updated anything for weeks on the app but have been using to send and recieve crypto no problems at all but that was about 4 days ago. Do u suggest I start a new address then send funds across to the seedless new account? Or save to leave as is
@sm5394 your app will get updated through the App Store if you’re on an iPhone. Through the Google Play store if you’re on an android. Just go to either one of those to run your updates. Don’t click on any links or emails or text or anything like that telling you you need to run an update. Those are probably likely scams.
@@scottishcrypto2871 are you using the seed phrase option? Did you contact tech-support through the app interface? If not, then you have not been affected by this.
How in the world there could be something in the code to email your seed to tech support in first place? In which scenario that would be remotely needed? Calling it a bug is a big stretch... that´s what happens if you trust something that is not completely open source.
Calling this a bug is bizarre. To email the keys, in plain text no less, is so lame, that i believe the whole product is now comprised. The tech may be 1st rate but 4th string programmers can be a disaster for users.
Tangem is open source it's only the firmware which isn't open source and that has nothing to do with this bug given it was fixed with an app update also seeds weren't being sent to support I would recommend reading the full blog post that cryptodad linked in the description
@ apparently not open source enough to prevent this. My question is, someone created a code that grabs the seed and sends to the support email, that’s not how bugs work. It was created intentionally and maybe not supposed to be part of the final release to the public, but for sure not a simple unpredictable bug.
This is such a major oversight, users private keys will be stored in the app log for a number of days before being wiped (apparently). This could be accessible to a hacker for that time frame, regardless of whether you've emailed support or not.
so if one were super paranoid, would a solution be to follow the instructions, even if you were not "affected" per tangems' procedures...(transfer funds out, reset card to factory, reactivate the card with OR WITHOUT THE SEED PHRASE, then transfer funds back to the reactivated card)??? I think I understand what you are getting at. Hackers can be sneaky and there are so many different ways to hack apps log data...a hacker might not take action right away to steal the private key..which apparently is not encrypted in the log files of the app. This would be expected as hackers generally wait until they have amassed a sizable number of stolen key over time before executing the theft because to do it one by one present a "risk" of having the operation detected and limiting the overall heist haul. as a matter of good security, I think it's probably a good idea to do the procedure even IF you do not fall into the small set of circumstance that tangem has outlined. additionally, and don't want to insinuate tangem has done a really bad job at simple security with this "bug", but it would be prudent that they publish and allow a third party to audit their security and start looking for other areas of risk: if you didn't have the awareness that logs from the app contained unencrypted private keys and were being sent via the wild wild interweb, that's a pretty big sign that security audits were not being performed at tangem. It's such an obvious security escape that indicates to me this company and whomever they hired to perform penetration testing and security stress tests did not do even a basic job. it's such an obvious thing ...unecruypted log files that contain the private key, that can be emailed unwittingly by the user, or shared automatically without the users control over whether they know the private key is being shared? that's a huge red flag. so in terms of how to build trust back, I think it's reasonable to expect tangem to have a third party come in and look broadly at the entire thing end to end and look for other things the company may not have done correctly. This is exactly the sort of thing that hackers would want to use to steal funds. At I will repeat, apps on smarts phones are not very secure. and certainly if the log files are not encrypted makes it even trivial. ..no serious work involved once you have that file, malking theft of the funds without any need or any sophistication. And the surface area for attacks on smart phones and apps are enormous. I just recently bought a tangem card. I haven't used it yet, but I don't think I will until I see the company publishing a little bit more transparency and a formal third party audit to verify they are doing what should have happened to prevent this obvious "bug".
For a company that boast about having two independent audit companies audit there wallet, either they are lying or those two companies are complete useless.
This confirms what I have always practiced. Spread your crypto in many seeds/devices/brands (at least 2 brands). It is more difficult to manage, but lazy people will get caught ... But thinking that keeping a seed phrase safe on a paper is difficult and dangerous is also an act of laziness.
Great job getting this explained CryptoDad! As mentioned, the whole point of the Tangem, and what sold me, was NOT using seed phrase, so it blows my mind someone would use one.
i reset to factory settings, after the first card was reset the app was like new, when i scan the card to create new wallet, the rest 2 cards cannot be back up cards, as the notification mentioned is that those 2 cards belong to other wallet, looks that the reset settings was applied to the main card only. what to do?
@cryptodad Its really silly to call such an oversight a bug. this is just corporate damage control. they f-ed up by 1) recording seedphrase in cleartext in log that just shows poor judgement and/or code review/QA practices 2) uploading these logs w/o sanitizing them, its common industry practice. the entire point of these h/w secure devices is to handle sensitive data carefully which they have demonstrated they dont. Hence the reddit panic.
I knew there would be problems with tamgem. Seed phrase should never be generated on the app of a hardware wallet. It should be generated on thr device itself and never transfered to the app.i think all move to the keystone instead
This Tangem flaw is a canyon of incompetence. It’s an outrageous display of amateurism, unforgivable, and destroys all credibility-be it audits or military-grade security. Defending Tangem means betraying the trust of your community again. What you should do is refund subscribers who bought using your promo code and sever ties with these scammers. Tangem is just a startup selling $1 products for $60, paying influencers while disregarding regular users.
Bro? You're fine if you didn't use the contact support and if you were to use the seed phrase the log will be exposed. Seedless is logged but is encrypted.
i update the app, and after i send msg to support from app, i get an email from them that i open but i dont download some files that was there, after some hours i get email from other email address (suspicious) that tell me to update app and after direct contact the support from app. i go to the app support and was there a lot of codes, a ready email just to send, i didnt send. i am in dangerous? my money is there
You said that the seed phrase was compromised. On Tangem web site they say the “private key” was compromised. Who is right? Are Seed phrase and private key the same?
Yes, I was incorrect. It was the private key. Not the seed phrase. Sometimes the two terms can be interchangeable when speaking about hardware wallets. But not in this case. The private key is a very long number. The seed phrase is a list of 12 or 24 words
You say ''If you think you may have been effected then, move your crypto'' or ''buy a new Tangem wallet''. So you are telling me , those who have just paid and setup a new Tamgem wallet have to buy another one?? due to a security issue within the company.
You don't need to buy a new wallet. Just move your funds away so you can access them later. Then, factory reset all the cards. If you want to use Tangem as a hardware wallet, you must activate it WITHOUT the seed phrase. With seed phrase option, Tangem becomes a software wallet because the seed phrase is displayed on the mobile screen which is just controlled by a non-secure MCU chip, not the EAL6+ SE chip. The smartphone is always connected to internet.
Sounds like a big rug waiting to happen. You should always be able to generate a key offline. Hope they don't have a data stock piled list of everyone's keys, it would be a disaster
Am open my tangem wallet seen the one options mandetry security update ( have you ever contacted tangem support directly through this application last showing No..or Yes options so please help me what should I do )
Does anyone know which github repository was the fix applied on for the 'private key logging' issue? And nice if you could cite the specific commit hash.
Y'all are fine you didn't contact support via app. Only seed phase are affected, before the fix. Seedless is logged but is encrypted. Anyways it should be used seedless as it was designed for.
If I don’t setup a manual seed phrase and something happens to tangem.. will I lose access and ability to transfer funds? Im really having difficulty which option to choose..
I’m not going to panic over one security issue that has been resolved. Out of an abundance of caution I transferred my crypto off the card and did a factory reset. Anyone who used the seed phrase method should do this.
I’m new to all of this and go figure this happens literally days after I do a major buy in with my fancy new Tangem. I don’t think I was affected due to the timing and app version (and I never sent an email). When you say “transfer off the card” do you mean transfer to a new wallet/hardware device? Thanks
is it not possible that a attacker could read the log the app kept .... just cause the bug attached the key to tech support when log was sent , what's stopping attacker or some kinda backup software from keeping and reading that same log.
@@BR-qg5jd just move your crypto if you’re worried about that. Update to the latest version that does not contain the bug and move on with your life. Happy new year.
I assure you all of my videos are 100% my voice ha ha. That particular part you’re talking about was a splice where I talked about crypto not being tainted when a wallet is compromised and then it shifted to another section quickly without a transition. So maybe my volume was lower or higher during that section. Also, there are times where I say the wrong thing. For instance, I say Ledger when I mean, Trezor or say Trezor when I mean Ledger or something stupid like that and I go back and redub the video, but I assure you it’s always my voice
Bugs and fixes are common in software world, this is not the main matter. But this card, by generating Private keys, seed phrases online? This is the real problem!
Sorry this is not a tangem question but I been brainstorming trying to figure out how does rlusd works in xaman wallet, I set a trustline for rlusd but I don’t know how to move xrp into rlusd in xaman wallet. I want to take some of my xrp profit to hold in rlusd but I’m so lost. Can you please make a video on how to move xrp profit into rlusd. Thank you very much much.
Very informative video. I'm just trying to understand something. It's obviously more secure to NOT use a seed phrase. But if crypto is stored on a card, wouldn't a hacker need to get physical possession of the card in addition to the seed phrase to actually steal your crypto?
The crypto IS NOT in the hardware wallet. It is on the blockchain in the cloud. The hardware wallet just generates the private signature key (derived cryptographically from the seed). So if you restore another wallet with this seed, you have the private key ...
Forgive me but Tangem has addressed this question many times over. Long and short of it is that even if Tangem goes out of business, the app will still work so you would have plenty of time to move it to a different wallet if you’re worried. However the app is also open source so even if it disappears from the App Store an independent developer can Maintain it and you will still be able to use the Tangem card. By the way, Tangem is not planning on going out of business anytime soon.
I thought that the whole reason for the original ''seedless'' aspect of Tangem cold wallets was to give the cold wallet market the option of a seedless wallet to cut down on the complexity involved with other seed phrase designs, and hence why I opted to buy the Tangem 1.0 version. So why Tangem got their ears tweaked into re-designing their original version for the usual ''run of the mill' version, beats me !? If you need a truck to deliver large amounts of building material to your real estate project, you buy a truck, and dont buy a sports car, surely.!?
Hi Rex I was trying to take profits by swapping an erc20 to usdc on Tangem today and it never executed. Have you had any trouble with swap on Tangem? Ill probably try again at 3 or 4 a.m.
@@DustedinShadow i’ve never really had any problems with Tangem per se but when I’m doing token swaps all kinds of stuff can glitch out so it’s not uncommon for a swap not to go through. I think there have been times where I’ve tried three or four times before it went through, but usually that’s over on UNI swap
Love your videos, Crypto Dad. However, IMO, Tangem's security flaw speaks to their team's testing when applying the old seedless code to the seed-phrase-enabled devices. If their testing didn't reveal such a serious flaw, I wonder what else they missed or are missing. I hope they didn't use $9/hour engineers like I read Boeing did. For that reason alone, IMO sloppy roll out, I will never buy one. Their explanation, again IMO, downplayed the significance of this flaw. The only thing that might change my mind at this point would be proof that they carry insurance for customer losses due to flaws that are their fault.
I used my brain and told people not to buy this wallet because the seed is generated on the screen of the phone. I ended up following my heart and bought this wallet because the wallet had some coins that other wallets didn’t have. Now i regret. I shouldv’e followed my brain.
Hello. I did Transfer some crypto to my tangem wallet Everything went well I received them the question.. Is where the crypto are saved? on my card or on my phone. because it didn't ask to scan the cards They just appear in Tangem app Should I be worried? I thought every transaction involved the Cards Please anyone
You don’t need the card to authorize incoming transactions. You only need the card to authorize outgoing transactions and to set up the Wallet and by the way, your crypto is neither on the card nor in the phone your crypto is on the Blockchain.
sounds like a great big nothing burger to me, love my tangem and will continue to use and support Tangem. Keeping your private seed phrase written on a piece of paper in your house is just a stupid idea ... 3 cards stored in three locations is 1000 times safer ..
You do not know how those physical cards will age ... so oneday, by doubt, you will move your crypto from them because you know you dont have a seed restore option.
unfortunately, this was more than a bug, which we all know. This only could've happened if it was written in the code. Fact. I'll still use Tangem, but we need to be honest and not act like it's some sort of bug when it was written in code for it to happen.
Great analysis, thank you! I need some advice: I have a SafePal wallet with USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). What's the best way to send them to Binance?
i just reset my tangem wallet without speed phrases Because of this tangen post your private keys were generated on the card's chip, and this issue does not affect you in any way. Because of this seedless setup, private keys are not generated on the mobile app and, therefore, cannot be logged.
@@MrIF-f9w the seed needs to be displayed, the fix now ensures it is deleted straight after instead of putting anywhere like logs - people need to get a grip.
@ you don’t get it, it’s a flawed designed device not meant to be used with a seed since the generated seed will always have to be displayed on your phone when created. To be considered a true cold storage you would need to at least keep your phone offline forever after been used to create a seed. Any other hardware wallet generates and displays the seed on its own display never relying on a phone for that. It’s just no safer than using Blue Wallet for that matter. And if you don’t use a seed you are completely stuck into their black box system being unable to restore your wallet on another manufacturer hardware wallet.
@@damians2real I don’t know that’s your decision but I like Cold Card, Trezor safe 3, 5, Keystone and possibly Ledger (but it wouldn’t be my first choice). Multisig is a good idea if you’re using Bitcoin.
No wallet is the perfect wallet . All of this cryptocurrencies is still new . Hackers are getting SMARTER AND SMARTER by the day .When something like this happens they upgrade their security and they learn to make it safer and Better, no different from Chevrolet , Ford, Honda vehicles many mistakes they make and RECALLS and they fix it and Lear form their mistakes .
@ It’s already been known for a long time that having private keys leave a hardware wallet is a bad idea. Just because nothing is perfect doesn’t mean there aren’t various levels of good, bad and mediocre.
![Noob To Max With DRAGON REWORK In Blox Fruits [FULL MOVIE]](http://i.ytimg.com/vi/LnBMOinoOvA/mqdefault.jpg)
🔑 Key Takeaway: The Tangem app security issue has been resolved, and no funds were lost or private keys compromised. If you were affected, make sure to update the app and reset your wallet to ensure your funds are safe. Please don’t panic-do your research and follow the steps I outlined in the video! 👇
Thanks, CD. Also, I am using trustwallet & noticed VTHO balance keeps dissappearing & reappearing when refreshing. I don't know if you are using Trustwallet, but I do have the latest update & if you heard anything about this? Again, thanks.
Let's say you see (mandatory security updates) on the app, saying have you been contacted directly through this app? Is scam or legit
What should I do if I haven't been effected at all nor have I updated anything for weeks on the app but have been using to send and recieve crypto no problems at all but that was about 4 days ago. Do u suggest I start a new address then send funds across to the seedless new account? Or save to leave as is
@sm5394 your app will get updated through the App Store if you’re on an iPhone. Through the Google Play store if you’re on an android. Just go to either one of those to run your updates. Don’t click on any links or emails or text or anything like that telling you you need to run an update. Those are probably likely scams.
@@scottishcrypto2871 are you using the seed phrase option? Did you contact tech-support through the app interface? If not, then you have not been affected by this.
To me, this is the best RUclips channel I subscribed to… It really is the most valuable information entire library. Thank You Rex❤
Thanks, that’s kind of you!
How in the world there could be something in the code to email your seed to tech support in first place? In which scenario that would be remotely needed? Calling it a bug is a big stretch... that´s what happens if you trust something that is not completely open source.
Calling this a bug is bizarre. To email the keys, in plain text no less, is so lame, that i believe the whole product is now comprised. The tech may be 1st rate but 4th string programmers can be a disaster for users.
Tangem is open source it's only the firmware which isn't open source and that has nothing to do with this bug given it was fixed with an app update also seeds weren't being sent to support I would recommend reading the full blog post that cryptodad linked in the description
@ apparently not open source enough to prevent this. My question is, someone created a code that grabs the seed and sends to the support email, that’s not how bugs work. It was created intentionally and maybe not supposed to be part of the final release to the public, but for sure not a simple unpredictable bug.
@@MrIF-f9w again no one has lost crypto. Anyone that was affected, can simply move their crypto somewhere else and use the latest version of the app.
What a 💩 show 🤬they had only ONE task to protected seed phrase \ private key and failed
This is such a major oversight, users private keys will be stored in the app log for a number of days before being wiped (apparently). This could be accessible to a hacker for that time frame, regardless of whether you've emailed support or not.
@@AlexBowmanEcomRanger ok and what if you didn’t get hacked
so if one were super paranoid, would a solution be to follow the instructions, even if you were not "affected" per tangems' procedures...(transfer funds out, reset card to factory, reactivate the card with OR WITHOUT THE SEED PHRASE, then transfer funds back to the reactivated card)???
I think I understand what you are getting at. Hackers can be sneaky and there are so many different ways to hack apps log data...a hacker might not take action right away to steal the private key..which apparently is not encrypted in the log files of the app. This would be expected as hackers generally wait until they have amassed a sizable number of stolen key over time before executing the theft because to do it one by one present a "risk" of having the operation detected and limiting the overall heist haul.
as a matter of good security, I think it's probably a good idea to do the procedure even IF you do not fall into the small set of circumstance that tangem has outlined.
additionally, and don't want to insinuate tangem has done a really bad job at simple security with this "bug", but it would be prudent that they publish and allow a third party to audit their security and start looking for other areas of risk: if you didn't have the awareness that logs from the app contained unencrypted private keys and were being sent via the wild wild interweb, that's a pretty big sign that security audits were not being performed at tangem. It's such an obvious security escape that indicates to me this company and whomever they hired to perform penetration testing and security stress tests did not do even a basic job. it's such an obvious thing ...unecruypted log files that contain the private key, that can be emailed unwittingly by the user, or shared automatically without the users control over whether they know the private key is being shared? that's a huge red flag.
so in terms of how to build trust back, I think it's reasonable to expect tangem to have a third party come in and look broadly at the entire thing end to end and look for other things the company may not have done correctly. This is exactly the sort of thing that hackers would want to use to steal funds. At I will repeat, apps on smarts phones are not very secure. and certainly if the log files are not encrypted makes it even trivial. ..no serious work involved once you have that file, malking theft of the funds without any need or any sophistication.
And the surface area for attacks on smart phones and apps are enormous. I just recently bought a tangem card. I haven't used it yet, but I don't think I will until I see the company publishing a little bit more transparency and a formal third party audit to verify they are doing what should have happened to prevent this obvious "bug".
It cant be accessed by hackers, unless the app is compromised, very unlikely.
@@AlexBowmanEcomRanger no one has lost any crypto if you were affected, simply move your crypto somewhere else. That that’s all you have to do.
@@numbased or your mobil is compromised!
I will continue to use Tangem - seedless of course! Thanks for a clarifying video.
For a company that boast about having two independent audit companies audit there wallet, either they are lying or those two companies are complete useless.
@@badsanta6513 that's a fantastic point.
This confirms what I have always practiced. Spread your crypto in many seeds/devices/brands (at least 2 brands). It is more difficult to manage, but lazy people will get caught ...
But thinking that keeping a seed phrase safe on a paper is difficult and dangerous is also an act of laziness.
Great job getting this explained CryptoDad! As mentioned, the whole point of the Tangem, and what sold me, was NOT using seed phrase, so it blows my mind someone would use one.
I totally agree
Thanks for sharing knowledge as always. App just asked me if I’d reached out to them - glad they’re doing due diligence
You bet!
i reset to factory settings, after the first card was reset the app was like new, when i scan the card to create new wallet, the rest 2 cards cannot be back up cards, as the notification mentioned is that those 2 cards belong to other wallet, looks that the reset settings was applied to the main card only. what to do?
@cryptodad Its really silly to call such an oversight a bug. this is just corporate damage control. they f-ed up by 1) recording seedphrase in cleartext in log that just shows poor judgement and/or code review/QA practices 2) uploading these logs w/o sanitizing them, its common industry practice. the entire point of these h/w secure devices is to handle sensitive data carefully which they have demonstrated they dont. Hence the reddit panic.
Glad nobody lost crypto ! I would always want a copy of my 12-24 words. I get that some people do not trust themselves.
I knew there would be problems with tamgem. Seed phrase should never be generated on the app of a hardware wallet. It should be generated on thr device itself and never transfered to the app.i think all move to the keystone instead
Thank you for Clearing this out 🙏
Bit off topic but congrats on 180k subs!
Thanks!
This Tangem flaw is a canyon of incompetence. It’s an outrageous display of amateurism, unforgivable, and destroys all credibility-be it audits or military-grade security. Defending Tangem means betraying the trust of your community again.
What you should do is refund subscribers who bought using your promo code and sever ties with these scammers. Tangem is just a startup selling $1 products for $60, paying influencers while disregarding regular users.
Bro?
You're fine if you didn't use the contact support and if you were to use the seed phrase the log will be exposed.
Seedless is logged but is encrypted.
i update the app, and after i send msg to support from app, i get an email from them that i open but i dont download some files that was there, after some hours i get email from other email address (suspicious) that tell me to update app and after direct contact the support from app. i go to the app support and was there a lot of codes, a ready email just to send, i didnt send. i am in dangerous? my money is there
Move your crypto now to another wallet or exchange - this is the best assurance
Always the best videos. Ty❤❤❤
Thanks for the explanation. your videos are always so clear and precise. Happy 2025!
Tangem is ready to implement a "seed recovery service" (as Ledger did)
excellent video. best ive seen on the topic.
They likely mean know one has reported losing crypto. How can they possibly know for sure no one has lost their crypto due to this. Just curious.
Good question. Maybe no crypto initially on a tangem has been moved yet using another device. (?) strange though ....
You would hear about it on reddit in the community
@@Black-Circle humm... have never used reddit my whole life lol
You said that the seed phrase was compromised. On Tangem web site they say the “private key” was compromised. Who is right? Are Seed phrase and private key the same?
By no means, they are not the same!
@ So the private key is the password for the card itself?
Yes, I was incorrect. It was the private key. Not the seed phrase. Sometimes the two terms can be interchangeable when speaking about hardware wallets. But not in this case. The private key is a very long number. The seed phrase is a list of 12 or 24 words
@@CryptoDadthe private key is createt out of the seed phrase.
It does cost money to move crypto, so the time it takes and the cost of that is a loss. 😢
You say ''If you think you may have been effected then, move your crypto'' or ''buy a new Tangem wallet''. So you are telling me , those who have just paid and setup a new Tamgem wallet have to buy another one?? due to a security issue within the company.
You don't need to buy a new wallet. Just move your funds away so you can access them later. Then, factory reset all the cards. If you want to use Tangem as a hardware wallet, you must activate it WITHOUT the seed phrase. With seed phrase option, Tangem becomes a software wallet because the seed phrase is displayed on the mobile screen which is just controlled by a non-secure MCU chip, not the EAL6+ SE chip. The smartphone is always connected to internet.
can you factory reset your tandem card? @@rukshanmanorathna6276
@@rukshanmanorathna6276 i put my phone in airplane mode during the seed phrase part. I dont have any weird apps on my iPhone.
What do you mean by “move your funds away” you mean to another wallet?
referring to 5:51 mins , so Tangem still stores all the backup phrases over at their side?
How come hot wallet like Trust Wallet can generate see phrase when Airplane mode is on and Tangem CANNOT????
Sounds like a big rug waiting to happen. You should always be able to generate a key offline. Hope they don't have a data stock piled list of everyone's keys, it would be a disaster
Yes You can 👍
Am open my tangem wallet seen the one options mandetry security update ( have you ever contacted tangem support directly through this application last showing No..or Yes options so please help me what should I do )
The issue is if we imported seed wallet, the other non-Tangem wallet would be compromised correct?
Does anyone know which github repository was the fix applied on for the 'private key logging' issue? And nice if you could cite the specific commit hash.
The version numbers on the fix are in the description and the blog post from Tangem
@@reclee8333 they just disabled log system and added code to remove latest log file. Android app repo. Maybe for iOS too.
Y'all are fine you didn't contact support via app.
Only seed phase are affected, before the fix.
Seedless is logged but is encrypted.
Anyways it should be used seedless as it was designed for.
If I don’t setup a manual seed phrase and something happens to tangem.. will I lose access and ability to transfer funds? Im really having difficulty which option to choose..
That’s why I chose seed…
Hi Crypto dad do you have any video how to send op optimism from ledger to exchange please
Can you give us tutorial how to set seed phrase after you didnt do it on initial setup. Thank you
I’m not going to panic over one security issue that has been resolved. Out of an abundance of caution I transferred my crypto off the card and did a factory reset. Anyone who used the seed phrase method should do this.
I’m new to all of this and go figure this happens literally days after I do a major buy in with my fancy new Tangem. I don’t think I was affected due to the timing and app version (and I never sent an email). When you say “transfer off the card” do you mean transfer to a new wallet/hardware device? Thanks
is it not possible that a attacker could read the log the app kept .... just cause the bug attached the key to tech support when log was sent , what's stopping attacker or some kinda backup software from keeping and reading that same log.
@@BR-qg5jd just move your crypto if you’re worried about that. Update to the latest version that does not contain the bug and move on with your life. Happy new year.
@CryptoDad and waste the 60 bucks I spent just this past Christmas for the wallet ? I just got this thing
So, now with the new updated app, is it safe to use the seed phrase?
Yes
Self-custody is great, but only with your responsibility. Otherwise, it will be the worst!
Voice change at @3:00? Is that your real voice?
I assure you all of my videos are 100% my voice ha ha. That particular part you’re talking about was a splice where I talked about crypto not being tainted when a wallet is compromised and then it shifted to another section quickly without a transition. So maybe my volume was lower or higher during that section. Also, there are times where I say the wrong thing. For instance, I say Ledger when I mean, Trezor or say Trezor when I mean Ledger or something stupid like that and I go back and redub the video, but I assure you it’s always my voice
Bugs and fixes are common in software world, this is not the main matter.
But this card, by generating Private keys, seed phrases online? This is the real problem!
Sorry this is not a tangem question but I been brainstorming trying to figure out how does rlusd works in xaman wallet, I set a trustline for rlusd but I don’t know how to move xrp into rlusd in xaman wallet. I want to take some of my xrp profit to hold in rlusd but I’m so lost. Can you please make a video on how to move xrp profit into rlusd. Thank you very much much.
Very informative video. I'm just trying to understand something. It's obviously more secure to NOT use a seed phrase. But if crypto is stored on a card, wouldn't a hacker need to get physical possession of the card in addition to the seed phrase to actually steal your crypto?
Isn’t there a PIN code or password to get entry into the card?
The crypto IS NOT in the hardware wallet. It is on the blockchain in the cloud. The hardware wallet just generates the private signature key (derived cryptographically from the seed). So if you restore another wallet with this seed, you have the private key ...
Rex could you do a step by step into setting it up the correct way. Much appreciated, if you could.
Kyle, the new Tangem intern, is in big trouble.
awesome thanks for posting!
I don't have Tangem wallet, I don't have to worry about my crypto. 😊
If I don't create a private key, how do I recover funds if Tangem is discontinued?
Forgive me but Tangem has addressed this question many times over. Long and short of it is that even if Tangem goes out of business, the app will still work so you would have plenty of time to move it to a different wallet if you’re worried. However the app is also open source so even if it disappears from the App Store an independent developer can Maintain it and you will still be able to use the Tangem card. By the way, Tangem is not planning on going out of business anytime soon.
@@CryptoDad Tks
I thought that the whole reason for the original ''seedless'' aspect of Tangem cold wallets was to give the cold wallet market the option of a seedless wallet to cut down on the complexity involved with other seed phrase designs, and hence why I opted to buy the Tangem 1.0 version. So why Tangem got their ears tweaked into re-designing their original version for the usual ''run of the mill' version, beats me !? If you need a truck to deliver large amounts of building material to your real estate project, you buy a truck, and dont buy a sports car, surely.!?
Its asking me have u ever use tangem support from the app? Yes or no?what should i do?
If you used the seed phrase creation option to setup up your wallet then option "yes" as Tangem support would have sent you the seed phrase.
no
Well have you?
@@CryptoDad i have the seed phrase option. but I havent contacted Tangem via the app support.
Same as me, mandatory security updates
Have you been contacted directly through this app
Option No or yes
is it legit
Can't use Tandem on my PC unfortunately
It was never designed to be operated on PC.
Hi Rex I was trying to take profits by swapping an erc20 to usdc on Tangem today and it never executed. Have you had any trouble with swap on Tangem? Ill probably try again at 3 or 4 a.m.
@@DustedinShadow i’ve never really had any problems with Tangem per se but when I’m doing token swaps all kinds of stuff can glitch out so it’s not uncommon for a swap not to go through. I think there have been times where I’ve tried three or four times before it went through, but usually that’s over on UNI swap
Yeah , I didn’t want a seed phrase that was one of the best things with Tangem as long as you don’t lose your 3 cards
Or as long you don’t like to switch to a more secure wallet.
Love your videos, Crypto Dad. However, IMO, Tangem's security flaw speaks to their team's testing when applying the old seedless code to the seed-phrase-enabled devices. If their testing didn't reveal such a serious flaw, I wonder what else they missed or are missing. I hope they didn't use $9/hour engineers like I read Boeing did. For that reason alone, IMO sloppy roll out, I will never buy one. Their explanation, again IMO, downplayed the significance of this flaw. The only thing that might change my mind at this point would be proof that they carry insurance for customer losses due to flaws that are their fault.
I used my brain and told people not to buy this wallet because the seed is generated on the screen of the phone. I ended up following my heart and bought this wallet because the wallet had some coins that other wallets didn’t have. Now i regret. I shouldv’e followed my brain.
You the best thank you so much..
Thank you!
Mine wont even show my currency, so what is causing this poor internet ?
If I reset the password of the cards will it be safe?
No. The crypto is not in the cards.
Definitifely not!
That's a pretty big damn mistake!
Hello. I did Transfer some crypto to my tangem wallet Everything went well I received them the question.. Is where the crypto are saved? on my card or on my phone. because it didn't ask to scan the cards They just appear in
Tangem app Should I be worried? I thought every transaction involved the Cards Please anyone
You don’t need the card to authorize incoming transactions. You only need the card to authorize outgoing transactions and to set up the Wallet and by the way, your crypto is neither on the card nor in the phone your crypto is on the Blockchain.
Thank you I feel much better now.
@@CryptoDad Everyday I'm starting to get more knowledge about it. Thanks for you and for your videos. I really appreciate it.
Still never been hacked. Nothing is flawless in life
Tangem should have a sale. Everything half off 😅
Thanks for the valuable info
Glad it was helpful!
Just keep to the default and secure version if you are not a pro.
Good advice!
Do you think Tangem still secure to keep my cripto?
No
Luckily i got my cards 31 dec and had the updated app
The voice of reason now i feel at ease 😊
Thanks Rex
sounds like a great big nothing burger to me, love my tangem and will continue to use and support Tangem. Keeping your private seed phrase written on a piece of paper in your house is just a stupid idea ... 3 cards stored in three locations is 1000 times safer ..
Yes, a reasonable solution. Keep I simple.
You do not know how those physical cards will age ... so oneday, by doubt, you will move your crypto from them because you know you dont have a seed restore option.
unfortunately, this was more than a bug, which we all know. This only could've happened if it was written in the code. Fact.
I'll still use Tangem, but we need to be honest and not act like it's some sort of bug when it was written in code for it to happen.
Great analysis, thank you! I need some advice: I have a SafePal wallet with USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). What's the best way to send them to Binance?
Lol
Sounds like you're blaming people who wanted the seed phrase functionality.
@@airconlover yes I am
I lost, probably from this hack - around November 4th, after some Tangem update
I felt using the seed phase adds another way for people to have access. So I do not use one. I think Tangem is great the way it is no seed phrase.
Until you break or loose your cards ...
Tangem seedless approach is secure.
i just reset my tangem wallet without speed phrases
Because of this tangen post
your private keys were generated on the card's chip, and this issue does not affect you in any way. Because of this seedless setup, private keys are not generated on the mobile app and, therefore, cannot be logged.
376th... Thanks CryptoDad
🙏
tangem very dangeros and not diference wallet
Why would anyone buy this wallet
I did because it seemed like a good one
There was no reason for this at all, just a hype from some influencers who made money with their recommendation.
@ i still have confidence in the wallet. I set mine up after the bug
Tangem = next LEDGER scandal?? Airgap is the way.... folks
You are right!
Tangem should remove the seed phrase option.
Why the issues have been fixed
Customers demanded it so Tangem complied.
@SmilingArdno it didn’t, the seed will still be generated and displayed on your phone… how’s that for a cold storage?
@@MrIF-f9w the seed needs to be displayed, the fix now ensures it is deleted straight after instead of putting anywhere like logs - people need to get a grip.
@ you don’t get it, it’s a flawed designed device not meant to be used with a seed since the generated seed will always have to be displayed on your phone when created. To be considered a true cold storage you would need to at least keep your phone offline forever after been used to create a seed. Any other hardware wallet generates and displays the seed on its own display never relying on a phone for that. It’s just no safer than using Blue Wallet for that matter. And if you don’t use a seed you are completely stuck into their black box system being unable to restore your wallet on another manufacturer hardware wallet.
😃👍🏼👊🏼
I love my tangem ring 💍💅
I love mine too but i am very disappointed on tangem
Now only a smart piece of juwelery but not a secure wallet.
Why would anyone buy this stupid wallet? There’s much better options on the market…
What should i ise
What should i use *
@@damians2real I don’t know that’s your decision but I like Cold Card, Trezor safe 3, 5, Keystone and possibly Ledger (but it wouldn’t be my first choice). Multisig is a good idea if you’re using Bitcoin.
No wallet is the perfect wallet . All of this cryptocurrencies is still new . Hackers are getting SMARTER AND SMARTER by the day .When something like this happens they upgrade their security and they learn to make it safer and Better, no different from Chevrolet , Ford, Honda vehicles many mistakes they make and RECALLS and they fix it and Lear form their mistakes .
@ It’s already been known for a long time that having private keys leave a hardware wallet is a bad idea. Just because nothing is perfect doesn’t mean there aren’t various levels of good, bad and mediocre.
Buddy, all those wallets are bullshit. I Don’t trust anyone here😉😀