$4.8M in Crypto Stolen After South Korean Tax Agency Exposes Wallet Seed Phrase
South Korea’s National Tax Service (NTS) accidentally exposed the mnemonic recovery phrase of a confiscated cryptocurrency wallet, leading to the theft of approximately $4.8 million in digital assets.
The wallet, a Ledger cold storage device, had been seized during coordinated raids targeting 124 high-value tax evaders. Authorities reported confiscating digital assets worth 8.1 billion won (about $5.6 million) as part of the enforcement action.
However, when announcing the operation’s success, the NTS released photographs of the Ledger device. The images included a handwritten note displaying the wallet’s recovery seed phrase — effectively the master key required to restore and access the wallet on any compatible device.
How the Theft Happened
Because the recovery phrase was visible in the publicly released images, anyone could use it to reconstruct the wallet and transfer the funds.
Shortly after the press release went live, approximately 4 million Pre-Retogeum (PRTG) tokens — valued at roughly $4.8 million at the time — were moved out of the seized wallet to a new address.
According to blockchain analysis, the attacker first transferred a small amount of Ethereum (ETH) into the wallet to cover gas fees. They then executed three separate transactions to move the PRTG tokens out of the account.
On-chain data reviewed via Etherscan confirmed the sequence of transactions.
Cho Jae-woo, a blockchain data analysis expert and professor at Hansung University in Seoul, compared the mistake to leaving a wallet open in public and inviting anyone to take the money. He attributed the incident to a lack of understanding of virtual asset security, noting that the oversight effectively cost the national treasury billions of won that had already been successfully confiscated.
Aftermath and Investigation
The NTS has since removed the press release from its website. It remains unclear whether authorities have launched a formal investigation into the theft or identified the recipient address behind the stolen funds.
The incident underscores the irreversible nature of cryptocurrency transactions. Once assets are transferred and confirmed on the blockchain, recovery is extremely difficult without cooperation from exchanges or other intermediaries.
A Critical Reminder About Seed Phrases
This case highlights the importance of safeguarding recovery phrases for hardware wallets.
A seed phrase provides full control over a cryptocurrency wallet. Anyone who obtains it can recreate the wallet on another device without needing the original hardware wallet, PIN, or owner permission.
Security experts recommend:
- Never digitizing seed phrases
- Not storing them in photos, email drafts, cloud storage, or messaging apps
- Keeping them offline in a secure physical location
- Immediately transferring funds to a new wallet if a seed phrase is ever exposed
Even hardware wallets offer no protection if the recovery phrase is compromised. As demonstrated in this case, a single lapse in operational security can result in multimillion-dollar losses within minutes.
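A pre-publication check in the spirit of the recommendations above, as an added example that is not part of the original article: it scans text extracted from a document or photo for runs of words from BIP-39, the mnemonic standard Ledger devices use. The function names, the demo wordlist subset and the sample OCR text are assumptions constructed for illustration, and the OCR step itself is assumed to happen elsewhere.

```python
import re

# BIP-39 recovery phrases are 12, 15, 18, 21 or 24 words from a fixed 2048-word list.
MIN_PHRASE_WORDS = 12

# Constructed subset of the English BIP-39 list, enough for the demo below.
# Assumption: a real check loads all 2048 words from the published english.txt.
DEMO_WORDLIST = frozenset(
    "abandon about legal sausage thank useful wave winner worth year yellow".split()
)

def find_phrase_runs(text, wordlist, min_words=MIN_PHRASE_WORDS):
    """Return (first_token_index, run_length) for every run of at least
    min_words consecutive wordlist words. The words themselves are never
    returned, so scanner output and logs cannot leak the phrase again."""
    # Keeping only letter runs drops numbering ("1.", "2)") and line breaks,
    # so a numbered or multi-line handwritten list still forms one run.
    tokens = re.findall(r"[a-z]+", text.lower())
    runs, start, length = [], 0, 0
    for i, tok in enumerate(tokens + [""]):  # "" sentinel flushes the last run
        if tok in wordlist:
            if length == 0:
                start = i
            length += 1
        else:
            if length >= min_words:
                runs.append((start, length))
            length = 0
    return runs

def safe_to_publish(text, wordlist=DEMO_WORDLIST):
    """True only if no candidate recovery phrase is found in the text."""
    return not find_phrase_runs(text, wordlist)

# Constructed OCR output of a press photo. The phrase is a public BIP-39
# test vector, not a secret belonging to any real wallet.
OCR_PHOTO = """Seized item 3: hardware wallet with note
1. legal 2. winner 3. thank 4. year 5. wave 6. sausage
7. worth 8. useful 9. legal 10. winner 11. thank 12. yellow"""
OCR_CLEAN = "Assets worth 8.1 billion won were seized in coordinated raids."

if __name__ == "__main__":
    for name, text in (("photo", OCR_PHOTO), ("clean", OCR_CLEAN)):
        verdict = "OK" if safe_to_publish(text) else "BLOCK"
        print(name, verdict, find_phrase_runs(text, DEMO_WORDLIST))
```

A match is a reason to hold the release for manual review and redaction; handwriting that OCR misreads will not be caught, so the check supplements a human look at every image rather than replacing it.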
This incident is a stark reminder that even government agencies must follow strict operational security when handling digital assets. A seed phrase is the ultimate key to a crypto wallet — once exposed, there’s no recovery. Proper redaction and basic crypto awareness could have prevented a multimillion-dollar loss.