South Korean Tax Agency Crypto Blunder Leads to $4.8 Million Loss
A critical security lapse by South Korea’s National Tax Service (NTS) has resulted in the theft of approximately $4.8 million worth of cryptocurrency. The incident, stemming from the accidental public disclosure of a cryptocurrency wallet recovery phrase, highlights growing concerns over the secure management of seized digital assets by government agencies.
The Accidental Disclosure
The NTS inadvertently exposed the mnemonic recovery phrase – a series of words essential for accessing and restoring a crypto wallet – in a press release photo on February 26, 2026. The release detailed the seizure of four Cold Wallets from a delinquent taxpayer who owed capital gains tax. Anyone possessing this phrase could restore and access the cryptocurrency without needing physical access to the Cold Wallet. Korea JoongAng Daily first reported the incident.
Rapid Exploitation of the Vulnerability
The vulnerability was quickly exploited. Shortly after the press release, approximately 4 million Pre-Retogeum (PRTG) tokens, valued at around $4.8 million at the time, were transferred from the compromised wallet to a new address. Blockchain analysis, as cited by AlphaBiz, indicates the attacker deposited a small amount of Ethereum to cover transaction fees before meticulously transferring the PRTG tokens in three separate transactions.
Police Investigation and Initial Report
The Korean National Police Agency’s Cyber Terror Response Division launched an investigation after receiving a report from an individual who claimed to have accessed the cryptocurrency “out of curiosity” and subsequently returned the assets. Police are currently reviewing transaction records to verify this account.
A Pattern of Security Failures
This incident is not isolated. Recent cases at the Seoul Gangnam Police Precinct and the Gwangju District Prosecutors’ Office have also revealed poor management of mnemonic codes and seized cryptocurrency. In a 2021 case, operators allegedly used a known mnemonic code to transfer 22 Bitcoins (approximately $1.5 million as of February 2026) from a Cold Wallet under police control. Another incident in February involved the unauthorized transfer of 320.88 Bitcoins from the Gwangju District Prosecutors’ Office.
Strengthened Security Measures
In response to these breaches, the police introduced new measures on February 23, 2026, to improve the management of seized virtual assets. These measures include entrusting confiscated cryptocurrency to specialized custodial firms and establishing formal rules for digital asset storage. Specifically, the police will designate two officials – an evidence manager and a lead investigator – to jointly manage Cold Wallets, splitting control of the recovery phrase and password. Monthly balance checks and inspections will also be conducted.
NTS Apology and Government Response
The NTS issued an apology on Sunday, acknowledging its failure to recognize the sensitive information contained in the press release photo. Deputy Prime Minister and Finance Minister Koo Yun-cheol stated that the government will inspect the status and management of digital assets held by public institutions and implement measures to prevent future occurrences.
This series of incidents underscores the critical need for robust security protocols and diligent management practices when handling seized cryptocurrency, as well as the potential consequences of even minor oversights in the digital asset space. BleepingComputer also reported on the incident.